
RE: Lava Lamp



If you do (say) od -x /dev/random  it will block on the device
for a while if you do it too quickly.  It appears to me that
some type of "entropy threshold" or maybe some fixed time or
a combination of the two is being enforced in the version that
is delivered with RH 7.2.



-----Original Message-----
From: owner-AMSAT-BB@AMSAT.Org [mailto:owner-AMSAT-BB@AMSAT.Org]On
Behalf Of Phil Karn
Sent: Monday, April 22, 2002 5:11 AM
To: kayser@sympatico.ca
Cc: amsat-bb@AMSAT.Org
Subject: Re: [amsat-bb] Lava Lamp


>Real random numbers done come from the algorithm in a PC, the serious 
>people want really really really random numbers.

I assume you meant to say "Real random numbers *don't* come from the
algorithm in a PC". Or as John von Neumann so famously said, anyone
who uses deterministic methods to generate random numbers is living in
sin.

The method used in the Linux /dev/random driver is a pretty good one,
and many crypto protocols now rely on it.

It continually hashes every external source of entropy it can find
(keystroke timings, interrupt timings, etc) into an "entropy pool".
(If you had a video camera focused on a lava lamp, you could probably
add those bits too.)  When an application requests random bits, the
driver hashes the entropy pool again with a strong 1-way hash function
(SHA) and a counter so as to produce different bits each time, and to
hide the internal state of the entropy pool.

As long as entropy is fed into the pool faster than it is extracted,
then truly random bits are produced; they're unguessable even by an
attacker with infinite computing power. If entropy is extracted faster
than it is replenished, then the output degrades to "practical"
randomness. It becomes theoretically possible to guess the random
bits if you can invert SHA -- which is specifically designed to thwart
inversion. So they're probably still good enough for cryptography.

If you want the gory details, the comments in the Linux kernel source
describe the scheme pretty well. I suggested the original concept, and
several others have improved it substantially. Such are the benefits
of published designs and open source code.

Phil
----
Via the amsat-bb mailing list at AMSAT.ORG courtesy of AMSAT-NA.
To unsubscribe, send "unsubscribe amsat-bb" to Majordomo@amsat.org
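To make the two observations in this thread concrete, here is a toy model of the scheme Phil sketches (external events hashed into a pool; output produced by hashing the pool with a counter so each read differs and the pool state stays hidden) together with the blocking behaviour the reply at the top reports from `od -x /dev/random`. This is an added example, not the kernel driver's code: the pool size, the per-event entropy credit, the 128-bit blocking threshold and the constructed "timing" samples are all assumptions chosen for illustration.

```python
import hashlib
import struct

# Toy model of the /dev/random design discussed in the thread. Everything
# here (SHA-256 as the one-way hash, a 32-byte pool, the credit/debit
# bookkeeping) is an assumption for illustration, not the kernel's actual
# parameters.

HASH = hashlib.sha256
POOL_BYTES = HASH().digest_size      # 32-byte pool state
POOL_BITS = POOL_BYTES * 8           # the entropy estimate can never exceed this


class ToyEntropyPool:
    def __init__(self, seed: bytes = b""):
        self.pool = HASH(b"toy-pool-init" + seed).digest()
        self.entropy_bits = 0   # conservative estimate of unknown bits in the pool
        self.counter = 0        # makes every extraction hash a different input

    def add_event(self, sample: bytes, credited_bits: int) -> None:
        """Mix an external event (keystroke timing, interrupt timing, lava lamp pixels) in."""
        self.pool = HASH(b"mix" + self.pool + sample).digest()
        self.entropy_bits = min(POOL_BITS, self.entropy_bits + credited_bits)

    def _extract(self, nbytes: int) -> bytes:
        out = b""
        while len(out) < nbytes:
            # hash(pool || counter): the output depends on the secret pool state,
            # but the one-way hash hides that state from anyone who sees the output
            out += HASH(b"out" + self.pool + struct.pack(">Q", self.counter)).digest()
            self.counter += 1
        # stir the pool afterwards so earlier outputs cannot be regenerated later
        self.pool = HASH(b"stir" + self.pool + struct.pack(">Q", self.counter)).digest()
        self.entropy_bits = max(0, self.entropy_bits - nbytes * 8)
        return out[:nbytes]

    def read_blocking(self, nbytes: int):
        """/dev/random style: return None (would block) unless the estimate covers the request."""
        if self.entropy_bits < nbytes * 8:
            return None
        return self._extract(nbytes)

    def read_nonblocking(self, nbytes: int) -> bytes:
        """/dev/urandom style: always answers; once the estimate hits zero the output is
        'practical' randomness, secure only as long as the hash resists inversion."""
        return self._extract(nbytes)


def simulate(events_per_read: int, reads: int, credit_per_event: int = 4):
    """Feed `events_per_read` constructed timing samples before each 16-byte blocking
    read; return (reads served, reads that would have blocked)."""
    pool = ToyEntropyPool(b"constructed seed")
    served = blocked = 0
    tick = 0
    for _ in range(reads):
        for _ in range(events_per_read):
            tick += 1
            # constructed stand-in for an interrupt timestamp; a real driver
            # would take this from the hardware clock
            sample = struct.pack(">I", (tick * 2654435761) & 0xFFFFFFFF)
            pool.add_event(sample, credit_per_event)
        if pool.read_blocking(16) is None:
            blocked += 1
        else:
            served += 1
    return served, blocked


if __name__ == "__main__":
    # Entropy arriving faster than it is drained: nothing blocks.
    print("40 events/read:", simulate(40, 8))
    # Entropy arriving slower than it is drained: most reads block, as with od -x /dev/random.
    print("8 events/read: ", simulate(8, 8))
```

Running `simulate` with a high event rate serves every read, while a low rate makes most reads return `None`, which is the "blocks for a while if you do it too quickly" effect; `read_nonblocking` never refuses, and two consecutive calls still differ because of the counter even when no new entropy arrived.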

