Re: linux random capabilities ...
On Wed, Jul 31, 2002 at 07:51:03PM +1000, Jean-Francois Dive wrote:
> hello people,
> i was talking to a friend, and he was describing the inability of PC
> based security devices to have proper pseudo-random number generation.
> This sounds to me that i needed some investigation. My general question
> is: has anyone ever heard about any type of cryptographic attack using
> flaws in the random number generation? Are there (even theoretically) possibilities
> to be able to guess those numbers? I know that some protocols add some
> more randomness (like ipsec, using the last cyphered block in the entropy
> pool etc..), but i'd like to have a clear idea on how secure those
> mechanisms are.
Short answer: Linux mainly uses interrupt timings as an entropy
source, from devices that are fairly unpredictable. Assuming those
are secure, the entropy pool is protected by a SHA hash of its state
when something needs random bits. (afaik) a SHA hash has no known
weaknesses, with the exception of brute force which is simply too big.
Long answer: read drivers/char/random.c from your nearest linux source
> Finally, i read here and there some work on hardware random generation devices
> (based on radio activity readings, or diode based devices or whatever), is
> there anyone with some experience with those ?
Adam Olsen, aka Rhamphoryncus
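The pool-mixing and hashed-extraction scheme sketched in the reply above, as an added illustration in Python (not code from the thread or from the kernel's drivers/char/random.c; the pool size, the per-sample entropy credit and all timestamp values are constructed assumptions). It also shows the blocking behaviour: extraction is refused while the pool has been credited with fewer bits than requested.

```python
import hashlib
import struct

# Toy model of the entropy pool the reply describes: interrupt timings are
# mixed into a pool, and output is a hash of the pool, so callers never see the
# pool state. Added illustration only; pool size, credit and samples are assumed.
POOL_BYTES = 64             # assumed pool size
CREDIT_BITS_PER_SAMPLE = 2  # assumed conservative credit per timing sample

class ToyEntropyPool:
    def __init__(self):
        self.pool = bytearray(POOL_BYTES)
        self.entropy_bits = 0  # estimated entropy held in the pool

    def _mix(self, data: bytes) -> None:
        # Fold data into the pool by XOR with a hash: old contents are combined, not replaced.
        digest = hashlib.sha256(bytes(self.pool) + data).digest()
        for i in range(POOL_BYTES):
            self.pool[i] ^= digest[i % len(digest)]

    def add_timing_sample(self, timestamp_ns: int) -> None:
        # One interrupt timestamp in; credit only a few bits of entropy for it.
        self._mix(struct.pack(">Q", timestamp_ns))
        self.entropy_bits = min(self.entropy_bits + CREDIT_BITS_PER_SAMPLE, POOL_BYTES * 8)

    def extract(self, nbytes: int) -> bytes:
        # Blocking behaviour: refuse to hand out more bits than the pool is credited with.
        if self.entropy_bits < nbytes * 8:
            raise ValueError(f"pool holds {self.entropy_bits} bits, need {nbytes * 8}")
        out, counter = b"", 0
        while len(out) < nbytes:  # output is a hash of the pool, never the pool itself
            out += hashlib.sha256(bytes(self.pool) + struct.pack(">I", counter)).digest()
            counter += 1
        self._mix(out)            # feed output back so successive extracts differ
        self.entropy_bits -= nbytes * 8
        return out[:nbytes]

def demo() -> tuple:
    pool = ToyEntropyPool()
    for s in (17, 430, 1299, 1303, 2810, 4021, 4025, 7777):  # constructed timestamps
        pool.add_timing_sample(1_000_000 + s)
    blocked = False
    try:
        pool.extract(16)          # 128 bits requested, only 16 credited so far
    except ValueError:
        blocked = True
    for s in range(128):          # more constructed interrupts: 256 more bits credited
        pool.add_timing_sample(9_000_000 + 13 * s)
    a, b = pool.extract(16), pool.extract(16)
    return blocked, a != b, pool.entropy_bits
```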