
Re: linux random capabilities ...



On Wed, Jul 31, 2002 at 07:51:03PM +1000, Jean-Francois Dive wrote:
> hello people,
> 
> I was talking to a friend, and he was describing the inability of PC
> based security devices to have proper pseudo-random number generation.
> This sounds to me like it needed some investigation. My general question
> is: has anyone ever heard about any type of cryptographic attack using
> flaws in the random number generation? Is there (even theoretically) a possibility
> to be able to guess those numbers? I know that some protocols add some
> more randomness (like IPsec, using the last ciphered block in the entropy
> pool etc..), but I'd like to have a clear idea on how secure those
> mechanisms are.

Short answer: Linux mainly uses interrupt timings as an entropy
source, from devices that are fairly unpredictable.  Assuming those
are secure, the entropy pool is protected by a SHA hash of its state
when something needs random bits.  (afaik) a SHA hash has no known
weaknesses, with the exception of brute force which is simply too big
to attempt.

Long answer: read drivers/char/random.c from your nearest linux source
tree.

> 
> Finally, I read here and there some work on hardware random generation devices
> (based on radioactivity readings, or diode based devices or whatever), is
> there anyone with some experience with those?

-- 
Adam Olsen, aka Rhamphoryncus
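As an added educational model of the design the reply above describes (this is not drivers/char/random.c and not Adam's code): interrupt timestamps are mixed into a pool, entropy is credited from how unpredictable the timing deltas were, and output is a SHA hash of the pool that is folded back in so the raw state is never exposed. The mixing function and the estimator's constants are simplifying assumptions made for illustration.

```python
import hashlib
import math


class ToyEntropyPool:
    """Simplified model of a timing-fed entropy pool with hashed output.
    Assumption: mixing and entropy-estimation details are illustrative only."""

    def __init__(self, words=32):
        self.pool = [0] * words          # 32-bit words of pool state
        self.pos = 0
        self.entropy_bits = 0            # credited, not measured, entropy
        self.last_time = self.last_delta = self.last_delta2 = 0

    def _mix_word(self, value):
        # Rotate and xor the new word into the pool, stirring with a neighbour
        # word so one input affects more than one position (assumed mixing).
        value &= 0xFFFFFFFF
        rot = ((value << 7) | (value >> 25)) & 0xFFFFFFFF
        self.pos = (self.pos + 1) % len(self.pool)
        self.pool[self.pos] ^= rot ^ self.pool[(self.pos + 3) % len(self.pool)]

    def add_timing(self, timestamp):
        """Mix in an interrupt timestamp; credit entropy from the smallest of
        the first, second and third order deltas so that regular, predictable
        timings earn no credit. Returns the bits credited for this event."""
        delta = timestamp - self.last_time
        delta2 = delta - self.last_delta
        delta3 = delta2 - self.last_delta2
        self.last_time, self.last_delta, self.last_delta2 = timestamp, delta, delta2
        self._mix_word(timestamp)
        smallest = min(abs(delta), abs(delta2), abs(delta3))
        credit = min(int(math.log2(smallest)), 12) if smallest > 1 else 0
        self.entropy_bits += credit
        return credit

    def extract(self):
        """Return 20 output bytes: SHA-1 over the pool. The digest is also mixed
        back into the pool, so an observed output does not reveal the state
        that produced it, and the credited entropy is debited."""
        state = b"".join(w.to_bytes(4, "little") for w in self.pool)
        digest = hashlib.sha1(state).digest()
        for i in range(0, len(digest), 4):
            self._mix_word(int.from_bytes(digest[i:i + 4], "little"))
        self.entropy_bits = max(0, self.entropy_bits - 8 * len(digest))
        return digest
```

Feeding perfectly periodic timestamps shows why a device with regular interrupts contributes little: once the deltas repeat, the second-order delta is zero and nothing is credited.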


