
Re: linux random capabilities ...



On Wed, Jul 31, 2002 at 10:26:36AM -0500, Orlando wrote:
> On Wednesday 31 July 2002 06:08, Adam Olsen wrote:
> 
> > Short answer: Linux mainly uses interrupt timings as an entropy
> > source, from devices that are fairly unpredictable.  Assuming those
> > are secure, the entropy pool is protected by a SHA hash of its state
> > when something needs random bits.  (afaik) a SHA hash has no known
> > weaknesses, with the exception of brute force which is simply too big
> > to attempt.
> >
> untrue, consider the attack against Netscape's ssl implementation:
> "Ian Goldberg and David Wagner, "Randomness and the Netscape Browser", 
> Dr.Dobbs Journal, January 1996, p.66"
> http://www.ddj.com/documents/s=965/ddj9601h/9601h.htm

Netscape doesn't use /dev/random, it uses a pseudo-random number
generator.  Pseudo-rngs aren't random, and the developers should be
shot for doing it.

Anything wanting cryptographically secure random numbers needs to use
something like /dev/random.

> 
> > Long answer: read drivers/char/random.c from your nearest linux source
> > tree.
> >
> > > Finally, i read here and there some work on hardware random generation
> > > devices (based on radio activity readings, or diode based devices or
> > > whatever), is there anyone with some experience with those ?
> 
> yeah, I don't know much about it but an article exists on P4's with a PRNG on 
> them.. If anyone can provide some more feedback on this I'd love to hear them 
> out, I myself have not had time to read the article I'm about to link or do 
> any research on this whatsoever.
> www.g0thead.com/papers/Cryptography/IntelRNG.pdf

It looks like the P4 has a hardware RNG, not a pseudo-rng (which would
be useless, and could be implemented in software easily).

As far as the linux /dev/random is concerned, that hardware RNG is
just another source of entropy.  It has the advantage that it may be
used in situations where there's no other source, but either way you
just get random data out of it.

> 
> www.g0thead.com/ssl_notes.txt  unfinished research on ssl - I apologize on any 
> wrong information provided in this text as I said it's unfinished research 
> and all comments/corrections/flames are welcome :)

-- 
Adam Olsen, aka Rhamphoryncus
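Added example, not part of the thread and not the kernel's random.c: a toy Python model of the design described above (interrupt timings mixed into a pool, entropy credited only for irregular timings, output taken as a SHA hash of the pool and folded back so the output does not reveal the state). The pool size, the per-event credit cap, the simplified delta test and the constructed jitter timestamps are this example's assumptions; the only thing here an application should actually call is `secure_random_bytes`, which just reads the OS pool.

```python
import hashlib
import os
import random
import struct


class ToyEntropyPool:
    """Toy model of the /dev/random design (constructed for illustration, not
    the kernel's code): timing samples are mixed into a pool, entropy credit is
    estimated from how irregular the timings are, and output is a SHA-256 hash
    of the pool state that is folded back so output does not reveal the state."""

    POOL_BYTES = 64           # pool size is this example's choice, not random.c's
    MAX_CREDIT_PER_EVENT = 8  # conservative cap per event, an assumption here

    def __init__(self):
        self.state = bytearray(self.POOL_BYTES)
        self.entropy_bits = 0
        self.last_time = self.last_delta = self.last_delta2 = 0

    def _mix(self, data):
        # Mix data into the pool through a hash of (state || data).
        digest = hashlib.sha256(bytes(self.state) + data).digest()
        for i, b in enumerate(digest):
            self.state[i % self.POOL_BYTES] ^= b

    def add_timing_event(self, timestamp):
        """Mix one interrupt-style timing sample and credit entropy for it.
        Credit is taken from the smallest of the first, second and third order
        differences (a simplified version of random.c's delta test), so a
        perfectly regular source is credited nothing after its first sample."""
        delta = timestamp - self.last_time
        delta2 = delta - self.last_delta
        delta3 = delta2 - self.last_delta2
        self.last_time, self.last_delta, self.last_delta2 = timestamp, delta, delta2
        smallest = min(abs(delta), abs(delta2), abs(delta3))
        credit = min(max(smallest.bit_length() - 1, 0), self.MAX_CREDIT_PER_EVENT)
        self._mix(struct.pack("<q", timestamp))
        self.entropy_bits = min(self.entropy_bits + credit, self.POOL_BYTES * 8)
        return credit

    def extract(self, nbytes):
        """Return nbytes of output, /dev/random style: refuse when the credited
        entropy is below what is requested."""
        if nbytes * 8 > self.entropy_bits:
            raise BlockingIOError("pool has %d bits, %d requested" % (self.entropy_bits, nbytes * 8))
        out = b""
        counter = 0
        while len(out) < nbytes:
            block = hashlib.sha256(bytes(self.state) + struct.pack("<I", counter)).digest()
            self._mix(block)  # fold output back so it does not reveal the state
            out += block
            counter += 1
        self.entropy_bits -= nbytes * 8
        return out[:nbytes]


def feed_constructed_jitter(pool, n_events, seed=2002):
    """Feed n_events constructed, irregular timestamps. The seeded PRNG only makes
    the demo reproducible; it is a stand-in for device timings, NOT an entropy
    source. Returns the total credit granted."""
    rng = random.Random(seed)
    t, total = 0, 0
    for _ in range(n_events):
        t += rng.randrange(500, 20000)
        total += pool.add_timing_event(t)
    return total


def feed_regular_clock(pool, n_events, period=1000):
    """Feed perfectly periodic timestamps; the estimator credits only the first."""
    return sum(pool.add_timing_event(i * period) for i in range(1, n_events + 1))


def secure_random_bytes(n):
    # What an application should call instead of rolling its own PRNG: the OS pool.
    return os.urandom(n)


if __name__ == "__main__":
    pool = ToyEntropyPool()
    try:
        pool.extract(16)
    except BlockingIOError as e:
        print("empty pool refuses:", e)
    print("credit from a regular clock:", feed_regular_clock(ToyEntropyPool(), 10))
    print("credit from jittery timings:", feed_constructed_jitter(pool, 60))
    print("16 bytes from the toy pool:", pool.extract(16).hex())
    print("16 bytes from the OS:", secure_random_bytes(16).hex())
```

Two pools fed the same timestamps produce the same output, which is the whole point of "assuming those are secure" above: the hash hides the pool state from someone who sees the output, but it adds nothing if the timing inputs themselves were predictable.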
