Re: securing PRNG

From: jcduque (jcduque_at_lycos-dot-com.no-spam.invalid)
Date: 01/26/04


Date: 26 Jan 2004 14:34:49 -0600


CipherGuy wrote:
> I have some queries to get answered by crypto experts in this group.
>
> (1) Is it possible to reverse engineer any crypto program,analyze
> its PRNG algorithm and get an idea of the PRN key used for
> encryption?
> What technique should I implement to secure my crypto program
> from this type of attack?
>
> (2) Suggest any FREE high-quality PRNG.

If you want a PRNG that runs on Linux/Unix machines, get EGD
(Entropy Gathering Daemon) from http://www.gnupg.org.

This is a standalone daemon that sits around running various statistics
collection programs (ps, vmstat, iostat, etc). It hashes the results into an
"entropy pool". If things happen on your system at relatively random and
unpredictable times, then some of that randomness will become a part of the
entropy pool and can be used to generate random numbers. It is basically a
user-space implementation of the /dev/random device.

Note that this Perl script uses the old SHA1 module. I would recommend that
you install the newer Digest::SHA1 from CPAN, edit the egd script and replace
all occurrences of "SHA" with "Digest::SHA1".

Julius
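The pool design Julius describes (run statistics commands, hash their output into an entropy pool, derive random bytes from the pool) in miniature, as an added example written for this page; it is not EGD's own Perl code and does not reproduce its internals. Assumptions made here: SHA-256 instead of EGD's SHA-1, the per-source credit values and the 1024-bit cap are arbitrary, and the `ps`/`vmstat` sample outputs in `CONSTRUCTED_ROUNDS` are constructed stand-ins so the module runs offline. The `extract()` method refuses to over-draw the pool the way /dev/random blocks, and credits entropy only when a source's output actually changed, which is the check that matters when a "statistics" command produces the same text every time.

```python
"""EGD-style user-space entropy pool (added example, not EGD's own code)."""
import hashlib
import subprocess
import time
from typing import Callable, Dict, List, Sequence, Tuple

Source = Callable[[], bytes]


class EntropyPool:
    """State is one digest; samples are hashed in, output is hashed out, and the
    state is re-keyed after each extraction so an observed output block reveals
    neither the pool state nor any other output block."""

    def __init__(self, hash_name: str = "sha256", max_bits: int = 1024) -> None:
        self._hash_name = hash_name            # EGD used SHA-1; SHA-256 is this example's choice
        self._state = b"\x00" * hashlib.new(hash_name).digest_size
        self._last: Dict[str, bytes] = {}      # previous sample per source
        self.entropy_bits = 0                  # conservative estimate of unobserved bits
        self.max_bits = max_bits               # cap on the credited estimate (arbitrary)

    def _h(self, *parts: bytes) -> bytes:
        """Length-prefixed hash of the parts, so no two inputs collide by concatenation."""
        h = hashlib.new(self._hash_name)
        for p in parts:
            h.update(len(p).to_bytes(4, "big"))
            h.update(p)
        return h.digest()

    def stir(self, name: str, sample: bytes, credit_bits: int) -> int:
        """Mix one sample in; credit entropy only if it differs from the previous
        sample of the same source (unchanged command output is predictable)."""
        self._state = self._h(b"stir", self._state, name.encode(), sample)
        previous = self._last.get(name)
        self._last[name] = sample
        if previous is None or previous == sample:
            return 0
        credited = min(credit_bits, self.max_bits - self.entropy_bits)
        self.entropy_bits += credited
        return credited

    def extract(self, nbytes: int, blocking: bool = True) -> bytes:
        """blocking=True refuses when the credited entropy is short, like /dev/random
        blocking; blocking=False always answers, like /dev/urandom."""
        if blocking and self.entropy_bits < 8 * nbytes:
            raise RuntimeError(f"pool holds ~{self.entropy_bits} bits, {8 * nbytes} requested")
        out, counter = b"", 0
        while len(out) < nbytes:
            out += self._h(b"out", self._state, counter.to_bytes(4, "big"))
            counter += 1
        self._state = self._h(b"rekey", self._state)   # past outputs stay unrecoverable
        self.entropy_bits = max(0, self.entropy_bits - 8 * nbytes)
        return out[:nbytes]


def command_source(argv: Sequence[str]) -> Source:
    """A source that runs a statistics command as EGD does; empty if it is unavailable."""
    def run() -> bytes:
        try:
            return subprocess.run(list(argv), capture_output=True, timeout=5, check=False).stdout
        except (OSError, subprocess.SubprocessError):
            return b""
    return run


def clock_source() -> bytes:
    """High-resolution clock; only the jitter between calls is worth anything."""
    return time.perf_counter_ns().to_bytes(8, "big")


def gather(pool: EntropyPool, sources: Dict[str, Tuple[Source, int]], rounds: int) -> int:
    """Run every source `rounds` times, stirring each result in; return credited bits."""
    total = 0
    for _ in range(rounds):
        for name, (source, credit) in sources.items():
            total += pool.stir(name, source(), credit)
    return total


# Constructed stand-ins for real ps/vmstat output, so the pool can be exercised offline.
CONSTRUCTED_ROUNDS: List[Dict[str, bytes]] = [
    {"ps": b"PID CMD\n101 init\n", "vmstat": b"r b free\n0 0 812344\n"},
    {"ps": b"PID CMD\n101 init\n230 sshd\n", "vmstat": b"r b free\n1 0 811900\n"},
    {"ps": b"PID CMD\n101 init\n230 sshd\n", "vmstat": b"r b free\n0 0 811712\n"},
]


def pool_from_rounds(rounds: List[Dict[str, bytes]], credit: int = 32) -> EntropyPool:
    """Feed constructed samples into a fresh pool; deterministic for a given input."""
    pool = EntropyPool()
    for samples in rounds:
        for name, sample in samples.items():
            pool.stir(name, sample, credit)
    return pool


if __name__ == "__main__":
    live = EntropyPool()
    srcs = {"ps": (command_source(["ps", "aux"]), 16),
            "vmstat": (command_source(["vmstat"]), 16),
            "clock": (clock_source, 4)}
    print("credited bits:", gather(live, srcs, rounds=4))
    print("urandom-style output:", live.extract(16, blocking=False).hex())
```

With the constructed rounds the first round credits nothing (no previous sample to compare against), the second credits both sources, and the third credits only `vmstat`, since the `ps` listing did not change; the pool therefore ends at 96 credited bits and a blocking `extract(12)` drains it to zero. A real deployment would set far lower credit values than 32 bits per command and would sample more sources, but the accounting shape is the same.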
