Re: random numbers

From: Michael Robinson (robinson@netrinsics.com)
Date: 03/04/01

• Next message: Mike Silbersack: "Re: random numbers"
• Previous message: Kris Kennaway: "Re: random numbers"
• Maybe in reply to: Joseph Gleason: "random numbers"
• Next in thread: Mike Silbersack: "Re: random numbers"
• Reply: Mike Silbersack: "Re: random numbers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 4 Mar 2001 12:56:28 +0800 (+0800)
From: Michael Robinson <robinson@netrinsics.com>
To: freebsd-security@freebsd.org

>Would /dev/urandom be acceptable for use in a one time pad encryption
>system? Such a system is only as strong as the random number generator used
>to generate the keys.
>
>I get the feeling that /dev/random would be a much better choice, but key
>generation with that would be much slower.

Caveat: last I checked, the /dev/[u]random device in -CURRENT was completely
broken for crypto-grade randomness (it said as much in the source).

>Does anyone know of any hardware that isn't to expensive and generates good
>random numbers?

Technically speaking, if you don't have one bit of entropy for each bit of
pad, you don't have a true one-time pad. If you want to generate a lot of
entropy cheaply, the common way to do it is take the digitized input of a
sound card, make a conservative estimate of the number of bits of entropy
per sample, and run as many samples as necessary through a cryptographic hash
(e.g. SHA-1) until you have as many entropy bits in as hash bits out.

If you aren't so insistant on a true one-time pad, you can always use the
hash output to seed a Blum-Blum-Shub PRNG.

        -Michael Robinson

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

---

• Next message: Mike Silbersack: "Re: random numbers"
• Previous message: Kris Kennaway: "Re: random numbers"
• Maybe in reply to: Joseph Gleason: "random numbers"
• Next in thread: Mike Silbersack: "Re: random numbers"
• Reply: Mike Silbersack: "Re: random numbers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: modulo ... ISTM that if you use a PRNG and generate more bits of pad than the ... PRNG has bits of entropy, then you no longer have a true OTP. ... (comp.programming) Re: Naîve Random Oracle Question ... The entropy of any fixed function is zero. ... (and the instantiation chosen for the random oracle is one possible ... Joe says "If I pick a one-time pad randomly, ... (sci.crypt) Estimating entropy of a stream ... I'm trying to set up a system to use audio static from a clock radio ... random number generator. ... I'm familiar with the general entropy ... to the output of the hash, then use the output as my random bits. ... (sci.crypt) Re: Estimating entropy of a stream ... random number generator (getting that static through the sound card). ... I'm familiar with the general entropy ... hash function. ... Entropy Randomness Generator: ... (sci.crypt) Re: Estimating entropy of a stream ... random number generator. ... I'm familiar with the general entropy ... to the output of the hash, then use the output as my random bits. ... processed data, but my instinct has been wrong in the past. ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > FreeBSD-Security  > 2001-03