Re: Analysis of /dev/random

New Message Reply About this list Date view Thread view Subject view Author view

Ge' Weijers (ge@Progressive-Systems.Com)
Mon, 12 Apr 1999 11:33:47 -0400


On Mon, Apr 12, 1999 at 11:06:18AM -0400, Adam Shostack wrote:
> Why is that? /dev/urandom should give you the best random
> output on the machine. If you're going to write more code, why not
> spend the time to make that code available as part of the system
> library?

The idea is to limit the effect of tampering with the
kernel. /dev/urandom is the best source of randomness assuming it's
working correctly. Assuming it doesn't, what can be done to limit the
bad effects? One way would be to use multiple sources of entropy. If
we put this code in a standard library it's easily replaced again, so
I would not go that route.

Other approaches may also be valid. As an example: in "Computational
Alternatives to Random Number Generators" (M'Raihi et al.,
Proceedings of Selected Areas in Cryptography '98) it's shown that you
can convert (most if not all) PK signature schemes that need random
numbers into ones that don't. It's trivial to modify this approach to
one that will be secure whether /dev/random's output is random or not.

Ge'

-- 
-
Ge' Weijers                                Voice: (614)326 4600
Progressive Systems, Inc.                    FAX: (614)326 4601
2000 West Henderson Rd. Suite 400, Columbus OH 43220
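The two ideas in the message above (folding several entropy sources together so a sabotaged kernel RNG alone cannot break you, and deriving signature nonces from the secret key and message so the scheme stays secure whether /dev/random is random or not) are illustrated below. This is an added example by the editor, not code from Ge' Weijers or from the M'Raihi et al. paper; the HMAC-SHA512-mod-q construction, the secp256k1 group order used as the modulus, the constant "tampered RNG" output and the sample keys and messages are all assumptions made for the demonstration.

```python
"""Added example (not from the original post): two defences the message sketches.

1. mix_entropy_sources(): hash several independent entropy sources together so
   the result is unpredictable as long as at least one source is good.
2. hedged_nonce(): derive a signature nonce k from the long-term secret key,
   the message and the RNG output. This follows the spirit of M'Raihi et al.'s
   deterministic nonces, with the RNG output folded in, so k is safe if either
   the key-based derivation or the RNG is sound. HMAC-SHA512 mod q is the
   editor's choice of instance, not the paper's exact construction.
"""
import hashlib
import hmac
import os
import time

# Group order of secp256k1, used only as a realistic nonce modulus (assumption).
Q_SECP256K1 = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def mix_entropy_sources(sources, out_len=32):
    """Combine independent entropy sources into out_len bytes.

    Each source is length-prefixed before hashing, so a malicious or broken
    source cannot shift the boundary of a neighbouring source and cancel it.
    """
    h = hashlib.sha512()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(src)
    return h.digest()[:out_len]


def naive_nonce(rng_output, q=Q_SECP256K1):
    """What much DSA code did: trust the RNG output directly as the nonce k."""
    return int.from_bytes(rng_output, "big") % q


def hedged_nonce(secret_key, message, rng_output, q=Q_SECP256K1):
    """k = HMAC-SHA512(secret_key, SHA256(message) || rng_output || ctr) mod q.

    If rng_output is constant or predictable, k is still unique per message
    and unpredictable to anyone who does not hold secret_key. If rng_output is
    good, each signature also gets fresh randomness. The counter only handles
    the (probability about 2^-256) case k == 0, which DSA-style schemes reject.
    """
    msg_hash = hashlib.sha256(message).digest()
    counter = 0
    while True:
        data = msg_hash + rng_output + bytes([counter])
        mac = hmac.new(secret_key, data, hashlib.sha512).digest()
        k = int.from_bytes(mac, "big") % q
        if k != 0:
            return k
        counter += 1


def fresh_nonce(secret_key, message):
    """Production shape: mix the OS RNG with whatever other sources are at hand
    (here pid and a nanosecond clock, both weak on their own) before hedging."""
    extra = mix_entropy_sources([
        os.urandom(32),
        str(os.getpid()).encode(),
        str(time.time_ns()).encode(),
    ])
    return hedged_nonce(secret_key, message, extra)


def demo_broken_rng():
    """Constructed scenario: the kernel RNG has been tampered to return a
    constant. Returns (naive nonces, hedged nonces) for two messages."""
    secret_key = b"\x11" * 32      # constructed signing key, not a real one
    tampered_rng = b"\x2a" * 32    # constant output from a sabotaged RNG
    m1, m2 = b"transfer 10", b"transfer 1000"
    naive = (naive_nonce(tampered_rng), naive_nonce(tampered_rng))
    hedged = (hedged_nonce(secret_key, m1, tampered_rng),
              hedged_nonce(secret_key, m2, tampered_rng))
    return naive, hedged


if __name__ == "__main__":
    naive, hedged = demo_broken_rng()
    print("naive nonce reused across messages:", naive[0] == naive[1])
    print("hedged nonces distinct:", hedged[0] != hedged[1])
```

With the tampered RNG the naive scheme hands both signatures the same k, which for DSA/ECDSA-style schemes leaks the private key from two signatures; the hedged derivation still gives distinct, secret-dependent nonces. The same derivation is deterministic for identical inputs, which is what makes it testable and auditable without trusting the RNG.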




The following archive was created by hippie-mail 7.98617-22 on Thu May 27 1999 - 23:44:22