A Random Diary
The current discussion about breaking encryption algorithm has one common thread: random number generators. No matter the encryption algorithm, if your encryption keys are not random, the algorithm can be brute forced much easier then theoretically predicted based on the strength of the algorithm. All encryption algorithms depend on good random keys and generating good random numbers has long been a problem.
In Unix systems for example, you will have two random devices: /dev/random and /dev/urandom. "random" usually produces random numbers based on some source of entropy. In Linux, parameters like mouse movements, disk activity and interrupts are used. Older versions of the random number generator used network activity, but since the attacker may be able to affect network activity, this parameter is no longer used. The Linux random number generator was found to be not particularly well implemented, in particular on disk less systems and systems with little user activity, like for example routers [1] .
Recently, some implementations of Linux like OpenWRT where found vulnerable if they are used on MIPS based hardware. The random number generator on these systems uses the number of CPU cycles since reboot as a seed. However, the respective function always returns 0, not the actual number of cycles on MIPS. [2]
Are there better ways to collect random numbers? One of the challenges is to increase the amount of entropy (random events) collected. There are some good attempts to use microphones, cameras and other hard ware devices to improve the pool of entropy. Sadly, there are no simple "standardized" solutions to implement these techniques.
Here are a couple pointers to projects that may help you implement better random number generators:
Using the camera in Windows : http://wcrnd.sourceforge.net
using the sound card in Windows: http://sourceforge.net/projects/trng
Linux camera based random number generator: http://sourceforge.net/projects/lavarnd/
Linux sound card random source: http://code.google.com/p/snd-egd/
testing random number generators: http://www.leidinger.net/FreeBSD/dox/dev_rndtest/html/df/d2a/rndtest_8c_source.html (look for "rndtest" in your Linux distro)
Got any other tips to create good random numbers (cheaply)?
[1] http://www.pinkas.net/PAPERS/gpr06.pdf
[2] https://lists.openwrt.org/pipermail/openwrt-devel/2013-September/021318.html
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Network Monitoring and Threat Detection In-Depth | Singapore | Nov 18th - Nov 23rd 2024 |
Comments
http://www.issihosts.com/haveged/
Cpu interrruption as entropy source
G.
Anonymous
Sep 17th 2013
1 decade ago
There are homebrew projects where people have taken a home smoke detector (which has a small sample of Am-241) and adapt it to be a random number generator.
Anonymous
Sep 17th 2013
1 decade ago
It's very doable to get a sequence of outputs that has all the mathematical properties that random numbers have; without needing to resort to physics. So the question may to broad.... how do you define "good"; good enough for what? What's the fundamental qualifier? :)
Math::RANDOM::ISAAC comes to mind.
http://www.burtleburtle.net/bob/rand/isaacafa.html
Oh I don't know... grab a copy of the isc.sans.edu homepage's HTML; concatenate it with the current text of the front page of 100 internet news sites and blogs around the internet, include some twitter searches; crawl at a pseudorandom hourly offset. After 10000 crawls are appended, encrypt that huge blob of text using a block cipher, with a secret key. Take a SHA512 hash of that encrypted result, and seed the ISAAC algorithm using the bits in the hash.
for $i (0..$hashtext) { $seeds[0] += ord(substr($hashtext,$i,1)) }
my $rng = Math::Random::ISAAC->new(@seeds);
Use the seeded algorithm to generate a new 256-bit symmetric key.
Anonymous
Sep 17th 2013
1 decade ago
Anonymous
Sep 17th 2013
1 decade ago
http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-software-implementation-guide
Anonymous
Sep 17th 2013
1 decade ago
Anonymous
Sep 17th 2013
1 decade ago
Intel RNG in the chip? .....bad timing mate ;)
https://www.schneier.com/blog/archives/2013/09/surreptitiously.html
Anonymous
Sep 18th 2013
1 decade ago
Anonymous
Sep 18th 2013
1 decade ago
Anonymous
Sep 18th 2013
1 decade ago
A USB device that supplies lots of fresh entropy to /dev/random, available for any opensource flavor os.
Can be shared over a network aswell.
Anonymous
Sep 20th 2013
1 decade ago