
Random thoughts


G+_Lee Crocker



Great episode with Steve. While I greatly admire his talents and accomplishments, I should point out that entropy collection is nothing new. The Linux kernel does this and exposes two interfaces: reading /dev/urandom returns bits from a PRNG fed by this entropy pool. Reading /dev/random is similar, but will actually block until there is enough entropy to ensure the read is completely random. It is quite suitable for cryptographic applications. BSD and OSX use an even better harvester called Yarrow. The best harvester is probably an algorithm called Fortuna by Ferguson & Schneier (yes, that Schneier), but I'm not aware of any OS that uses it.

 

Linux will also expose a hardware-based RNG as /dev/hwrng if you have one, as many chips today do.

 

I'm surprised he didn't also mention harvesting entropy on the mobile side... we have a big advantage here that a digital camera using CCDs or CMOS photosensors can generate true quantum randomness just like a reverse-biased diode. If you have none of the above available to you, there are services like random.org that provide true random numbers from things like weather data.

 

And of course programmers should all be taught the most important thing about cryptographic algorithms and RNGs: Don't "roll your own". Use well-known, tested algorithms, and use them exactly as designed. Any "improvement" you make is very likely to make it worse. Never use "common sense" to reason about higher math; it doesn't work.

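The kernel interfaces the post describes, as an added C example (not code from the post or from the podcast): it reads /dev/urandom the robust way, reports the kernel's entropy_avail estimate, and uses the getrandom(2) syscall, whose flags map onto the two device files: no flags behaves like /dev/urandom (blocking only until the pool has been seeded once at boot), GRND_RANDOM selects the /dev/random behaviour, and GRND_NONBLOCK turns "would block" into an EAGAIN error so the caller can decide what to do instead of hanging. getrandom also sidesteps the classic failure of the device-file approach, where open() fails in a chroot without /dev or when file descriptors are exhausted. The two practitioner caveats the code handles are short reads (a single read() may legitimately return fewer bytes than asked for, so the loop retries) and EINTR. Linux-only, glibc 2.25 or newer for <sys/random.h>; the helper names are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/random.h>   /* getrandom(2); glibc >= 2.25, Linux >= 3.17 */

/* Read exactly `len` bytes from `path` (e.g. /dev/urandom or /dev/hwrng),
 * retrying on short reads and EINTR. Assuming read() fills the whole buffer
 * in one call is the classic bug in naive "read 32 bytes of key" code.
 * Returns 0 on success, -1 on error with errno set. */
static int read_exact(const char *path, unsigned char *buf, size_t len) {
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0) {
            if (errno == EINTR) continue;        /* interrupted by a signal: retry */
            int saved = errno; close(fd); errno = saved; return -1;
        }
        if (n == 0) { close(fd); errno = EIO; return -1; }  /* EOF: never expected here */
        got += (size_t)n;
    }
    close(fd);
    return 0;
}

/* Fill `buf` with `len` bytes from the kernel CSPRNG via getrandom(2).
 * flags: 0 = urandom semantics; GRND_RANDOM = /dev/random semantics;
 * GRND_NONBLOCK = fail with EAGAIN instead of blocking. getrandom may also
 * return fewer bytes than requested, so it is looped the same way. */
static int fill_random(unsigned char *buf, size_t len, unsigned int flags) {
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, flags);
        if (n < 0) {
            if (errno == EINTR) continue;
            return -1;   /* EAGAIN when GRND_NONBLOCK is set and the pool is not ready */
        }
        got += (size_t)n;
    }
    return 0;
}

/* The kernel's own estimate of bits in the input pool (what the blocking
 * /dev/random path waits on). Returns -1 when the file is unavailable. */
static long entropy_avail(void) {
    FILE *f = fopen("/proc/sys/kernel/random/entropy_avail", "r");
    if (!f) return -1;
    long bits = -1;
    if (fscanf(f, "%ld", &bits) != 1) bits = -1;
    fclose(f);
    return bits;
}

/* Crude sanity check, not a randomness test: a buffer that is all one byte
 * value means the source is broken or the buffer was never filled.
 * Returns 1 if at least two distinct byte values are present. */
static int looks_filled(const unsigned char *buf, size_t len) {
    for (size_t i = 1; i < len; i++)
        if (buf[i] != buf[0]) return 1;
    return 0;
}

int main(void) {
    unsigned char key[32];
    if (fill_random(key, sizeof key, 0) != 0) { perror("getrandom"); return 1; }
    printf("entropy_avail = %ld bits\n", entropy_avail());
    printf("key = ");
    for (size_t i = 0; i < sizeof key; i++) printf("%02x", key[i]);
    printf("\n");

    /* /dev/random semantics without hanging: report instead of blocking. */
    unsigned char probe[16];
    if (fill_random(probe, sizeof probe, GRND_RANDOM | GRND_NONBLOCK) != 0)
        printf("GRND_RANDOM|GRND_NONBLOCK would block: %s\n", strerror(errno));
    else
        printf("GRND_RANDOM read succeeded without blocking\n");
    return 0;
}
```

One caveat worth knowing when reading the post today: since Linux 5.6 the /dev/random device no longer blocks once the pool has been seeded at boot, so the urandom/random distinction above only matters very early in boot (and on freshly cloned VMs or embedded boards with little entropy, which is exactly when it matters most). For application code, prefer getrandom(2) or a library wrapper over opening the device file by hand.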
