On Wed, Jul 31, 2002 at 07:51:03PM +1000, Jean-Francois Dive wrote:
> hello people,
>
> I was talking to a friend, and he was describing the inability of PC
> based security devices to have proper pseudo-random number generation.
> This sounds to me like I needed to do some investigation. My general question
> is: has anyone ever heard about any type of cryptographic attack using
> flaws in the random number generation? Is there (even theoretically) a
> possibility to be able to guess those numbers? I know that some protocols add some
> more randomness (like IPsec, using the last ciphered block in the entropy
> pool etc.), but I'd like to have a clear idea on how secure those
> mechanisms are.

Short answer: Linux mainly uses interrupt timings as an entropy source, from
devices that are fairly unpredictable. Assuming those are secure, the entropy
pool is protected by a SHA hash of its state when something needs random bits.
(afaik) a SHA hash has no known weaknesses, with the exception of brute force,
which is simply too big to attempt.

Long answer: read drivers/char/random.c from your nearest Linux source tree.

> Finally, I read here and there some work on hardware random generation devices
> (based on radio activity readings, or diode based devices or whatever), is
> there anyone with some experience with those?

-- 
Adam Olsen, aka Rhamphoryncus
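As an added illustration (not part of either message, and not code from random.c), here is a toy model of the pool-plus-hash design described above: callers only ever see a SHA-256 digest of the pool, so the hash is not the weak point; what can be enumerated is the set of pool states reachable when the timing samples carry little real unpredictability. The mixing function, the pool size and the "4 unpredictable bits per sample" model are constructed assumptions.

```python
import hashlib
import itertools
import struct

# Constructed toy model of an "entropy pool protected by a SHA hash".
# The mixing step is a stand-in, not the mixer used in drivers/char/random.c.

POOL_BYTES = 32

def mix_sample(pool: bytes, sample: int) -> bytes:
    """Fold one interrupt-timing sample into the pool state."""
    return hashlib.sha256(pool + struct.pack(">Q", sample)).digest()

def fill_pool(samples) -> bytes:
    """Build the pool from a sequence of timing samples, starting from zeros."""
    pool = bytes(POOL_BYTES)
    for s in samples:
        pool = mix_sample(pool, s)
    return pool

def extract(pool: bytes) -> bytes:
    """What a reader of the device sees: a hash of the pool state, never the state."""
    return hashlib.sha256(b"extract" + pool).digest()[:8]

def search_space_bits(n_samples: int, jitter_bits: int) -> int:
    """Work to enumerate the pool: 2**(entropy actually collected), not 2**256."""
    return n_samples * jitter_bits

def recover_samples(output: bytes, n_samples: int, jitter_bits: int):
    """Try every pool state reachable when each sample carries only `jitter_bits`
    of unpredictability (the coarse part of each timestamp is assumed known).
    Returns the sample tuple that reproduces `output`, or None."""
    for cand in itertools.product(range(1 << jitter_bits), repeat=n_samples):
        if extract(fill_pool(cand)) == output:
            return cand
    return None

if __name__ == "__main__":
    # Three samples with only 4 unpredictable bits each: 12 bits of entropy in total.
    true_samples = (9, 2, 14)
    out = extract(fill_pool(true_samples))
    print("recovered:", recover_samples(out, 3, 4))           # (9, 2, 14)
    print("work (bits):", search_space_bits(3, 4))             # 12
    # With 64 genuinely unpredictable bits per sample the same search is 2**192.
    print("work (bits), 64-bit samples:", search_space_bits(3, 64))
```

The point for a defender is that the pool's entropy estimate, not the strength of SHA, decides how far "brute force" is from feasible.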