Date: Sun, 4 Mar 2001 12:56:28 +0800 (+0800)
From: Michael Robinson <robinson@netrinsics.com>
To: freebsd-security@freebsd.org
Subject: Re: random numbers
Message-ID: <200103040456.f244uSZ15443@netrinsics.com>
>Would /dev/urandom be acceptable for use in a one time pad encryption
>system? Such a system is only as strong as the random number generator used
>to generate the keys.
>
>I get the feeling that /dev/random would be a much better choice, but key
>generation with that would be much slower.

Caveat: last I checked, the /dev/[u]random device in -CURRENT was
completely broken for crypto-grade randomness (it said as much in the
source).

>Does anyone know of any hardware that isn't too expensive and generates good
>random numbers?

Technically speaking, if you don't have one bit of entropy for each bit of
pad, you don't have a true one-time pad.

If you want to generate a lot of entropy cheaply, the common way to do it
is take the digitized input of a sound card, make a conservative estimate
of the number of bits of entropy per sample, and run as many samples as
necessary through a cryptographic hash (e.g. SHA-1) until you have as many
entropy bits in as hash bits out.

If you aren't so insistent on a true one-time pad, you can always use the
hash output to seed a Blum-Blum-Shub PRNG.

	-Michael Robinson
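The two constructions Michael describes (hash raw samples until the estimated entropy fed in reaches the hash output size, then optionally seed a Blum-Blum-Shub generator from the digest) as an added Python example; this is not code from the thread or from FreeBSD. The sound card is replaced by a constructed list of 16-bit samples, the 2-bits-per-sample entropy figure is a placeholder for whatever conservative estimate the operator makes of their own hardware, and the Blum primes 10007 and 10039 are toy sizes chosen so the arithmetic is easy to follow, not sizes anyone would deploy.

```python
import hashlib
import math
import random

SHA1_BITS = 160  # output size of SHA-1, the hash named in the post


def whiten_samples(samples, entropy_bits_per_sample, hash_bits=SHA1_BITS):
    """Feed raw samples into SHA-1 until the *estimated* entropy fed in reaches
    the hash output size, then return (digest, samples_consumed).

    entropy_bits_per_sample is the caller's conservative estimate (an assumption
    about the hardware); the code cannot measure entropy, it only enforces the
    "as many entropy bits in as hash bits out" rule from the post.
    """
    if not 0 < entropy_bits_per_sample <= 16:
        raise ValueError("estimate must be in (0, 16] bits for 16-bit samples")
    needed = math.ceil(hash_bits / entropy_bits_per_sample)
    if len(samples) < needed:
        raise ValueError(f"need {needed} samples for {hash_bits} bits, have {len(samples)}")
    h = hashlib.sha1()
    for s in samples[:needed]:
        h.update(s.to_bytes(2, "little", signed=True))  # 16-bit signed PCM sample
    return h.digest(), needed


def generate_pad(samples, entropy_bits_per_sample, pad_bytes):
    """Build a pad of pad_bytes by repeating whiten_samples over fresh samples.

    Every 20-byte block costs a full 160 estimated bits of input, so the pad
    never contains more output than estimated entropy (the one-time-pad rule).
    Returns (pad, samples_consumed); raises ValueError if samples run out.
    """
    pad = bytearray()
    pos = 0
    while len(pad) < pad_bytes:
        digest, used = whiten_samples(samples[pos:], entropy_bits_per_sample)
        pad.extend(digest)
        pos += used
    return bytes(pad[:pad_bytes]), pos


def bbs_bytes(seed, p, q, nbytes):
    """Blum-Blum-Shub: x_{i+1} = x_i^2 mod n with n = p*q and p, q both 3 mod 4;
    emit the low bit of each x_i. The seed is reduced mod n and must be coprime
    to n. This stretches a seed; it does not create entropy (hence "not a true
    one-time pad" in the post).
    """
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    s = int.from_bytes(seed, "big") % n
    if s < 2 or math.gcd(s, n) != 1:
        raise ValueError("seed must be in [2, n) and coprime to n")
    x = s * s % n  # start from a quadratic residue, as the construction requires
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            x = x * x % n
            byte = (byte << 1) | (x & 1)
        out.append(byte)
    return bytes(out)


# Constructed stand-in for sound-card input: 400 pseudo-random 16-bit samples.
# Real microphone noise is far from uniform, which is exactly why the caller
# must supply a conservative per-sample entropy estimate instead of assuming 16.
_rng = random.Random(2001)
SAMPLES = [_rng.randint(-32768, 32767) for _ in range(400)]
ASSUMED_BITS_PER_SAMPLE = 2.0  # placeholder estimate, not a measured value

if __name__ == "__main__":
    pad, consumed = generate_pad(SAMPLES, ASSUMED_BITS_PER_SAMPLE, 40)
    print(f"pad of {len(pad)} bytes consumed {consumed} samples:", pad.hex())
    seed, _ = whiten_samples(SAMPLES, ASSUMED_BITS_PER_SAMPLE)
    print("BBS stream from that seed:", bbs_bytes(seed, 10007, 10039, 16).hex())
```

With a 2-bit estimate, each 20-byte block of pad costs 80 samples, so a 40-byte pad consumes 160 samples and a caller who runs out of samples gets a ValueError rather than a pad padded with something weaker; that accounting, not the hash, is what makes the output a candidate one-time pad.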