From owner-freebsd-security Sat Mar 3 20:56:34 2001
Date: Sun, 4 Mar 2001 12:56:28 +0800 (+0800)
From: Michael Robinson
Message-Id: <200103040456.f244uSZ15443@netrinsics.com>
To: freebsd-security@freebsd.org
Subject: Re: random numbers

>Would /dev/urandom be acceptable for use in a one-time pad encryption
>system? Such a system is only as strong as the random number generator used
>to generate the keys.
>
>I get the feeling that /dev/random would be a much better choice, but key
>generation with that would be much slower.

Caveat: last I checked, the /dev/[u]random device in -CURRENT was completely
broken for crypto-grade randomness (it said as much in the source).

>Does anyone know of any hardware that isn't too expensive and generates good
>random numbers?

Technically speaking, if you don't have one bit of entropy for each bit of
pad, you don't have a true one-time pad. If you want to generate a lot of
entropy cheaply, the common way to do it is to take the digitized input of a
sound card, make a conservative estimate of the number of bits of entropy per
sample, and run as many samples as necessary through a cryptographic hash
(e.g. SHA-1) until you have as many entropy bits in as hash bits out.
If you aren't so insistent on a true one-time pad, you can always use the
hash output to seed a Blum-Blum-Shub PRNG.

	-Michael Robinson
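The two constructions above (sound-card samples folded through SHA-1 with a conservative per-sample entropy credit, and a Blum-Blum-Shub generator seeded from that hash output) as an added worked example; this is not code from the original post or from FreeBSD. The sample data is constructed with a seeded PRNG as a stand-in for a sound card, the 0.5 bits-per-sample estimate is an assumed figure, and the Blum primes `DEMO_P`/`DEMO_Q` are demo-sized values chosen for illustration, not parameters anyone should deploy.

```python
"""Whitening sound-card samples into one-time-pad material, then seeding
Blum-Blum-Shub from the same hash output.  Added example: sample data,
entropy estimate and primes below are constructed assumptions."""
import hashlib
import math
import random

HASH_BITS = 160          # SHA-1 output size in bits
BITS_PER_SAMPLE = 0.5    # assumed conservative entropy credit per 16-bit sample


def constructed_samples(count, seed=1):
    """Stand-in for digitized sound-card input: 16-bit signed samples from a
    seeded PRNG.  Constructed for the demo only; real use needs real noise."""
    rng = random.Random(seed)
    return [rng.randrange(-32768, 32768) for _ in range(count)]


def samples_needed(out_bytes, bits_per_sample=BITS_PER_SAMPLE):
    """Samples required so every emitted SHA-1 block has >= 160 credited bits."""
    blocks = math.ceil(out_bytes / (HASH_BITS // 8))
    return blocks * math.ceil(HASH_BITS / bits_per_sample)


def pad_from_samples(samples, out_bytes, bits_per_sample=BITS_PER_SAMPLE):
    """Fold samples into SHA-1 and emit one 20-byte digest only once the
    conservative entropy estimate for the samples fed in reaches 160 bits.
    Runs short -> ValueError, rather than stretching the input."""
    if bits_per_sample <= 0:
        raise ValueError("entropy estimate must be positive")
    out = bytearray()
    h = hashlib.sha1()
    credited = 0.0
    for s in samples:
        h.update(int(s).to_bytes(2, "little", signed=True))
        credited += bits_per_sample
        if credited >= HASH_BITS:
            out += h.digest()
            if len(out) >= out_bytes:
                return bytes(out[:out_bytes])
            h = hashlib.sha1()       # fresh block: no entropy is reused
            credited = 0.0
    raise ValueError("ran out of samples: %d bytes short" % (out_bytes - len(out)))


def xor_bytes(data, pad):
    """One-time-pad encryption and decryption are the same XOR."""
    if len(pad) < len(data):
        raise ValueError("pad shorter than data")
    return bytes(a ^ b for a, b in zip(data, pad))


DEMO_P, DEMO_Q = 1000003, 1000039   # demo-sized Blum primes (both 3 mod 4)


def bbs_stream(seed_bytes, nbytes, p=DEMO_P, q=DEMO_Q):
    """Blum-Blum-Shub: x_{i+1} = x_i^2 mod n, one output bit (the LSB) per step."""
    if p % 4 != 3 or q % 4 != 3:
        raise ValueError("p and q must both be congruent to 3 mod 4")
    n = p * q
    x = int.from_bytes(seed_bytes, "big") % n
    if x in (0, 1) or math.gcd(x, n) != 1:
        raise ValueError("seed must lie in (1, n) and be coprime to n")
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            x = x * x % n
            byte = (byte << 1) | (x & 1)
        out.append(byte)
    return bytes(out)


if __name__ == "__main__":
    msg = b"attack at dawn"
    samples = constructed_samples(samples_needed(len(msg)))
    pad = pad_from_samples(samples, len(msg))
    ct = xor_bytes(msg, pad)
    assert xor_bytes(ct, pad) == msg
    print("pad", pad.hex(), "ct", ct.hex())
    print("bbs", bbs_stream(pad, 16).hex())
```

The point of the fresh `hashlib.sha1()` per block is the "as many entropy bits in as hash bits out" rule: each 20-byte chunk of pad is backed by its own 320 samples at the assumed half bit per sample, and the function refuses to emit pad it cannot account for. The BBS generator is the fallback the post describes; its security depends on the modulus being hard to factor, which the demo primes are not.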