Practical random number generation in software

There is a large gap between the theory and the practice of random number generation. For example, on most operating systems, using /dev/random to generate a 256-bit AES key is highly likely to produce a key with no more than 160 bits of security. We propose solutions to many of the issues that real software-based random number infrastructures have encountered. In particular, we demonstrate that universal hash functions are a theoretically appealing and efficient mechanism for accumulating entropy, we show how to deal with forking processes without using a two-phase commit, we explore better metrics for estimating entropy, and we argue that systems should provide both computational security and information-theoretic security through separate interfaces.
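The following Python is an added illustration of two of the ideas in the abstract, written for this page and not taken from the paper: a polynomial universal hash (Carter-Wegman style, over GF(2^61 - 1)) used as the entropy accumulator that feeds an information-theoretic extraction interface, and a deterministic output generator that detects a fork by comparing the recorded process id with the current one and reseeds from the operating system before emitting anything, so parent and child never share an output stream. The class names, the choice of prime, the SHA-256 counter-mode output and the pid-comparison fork check are all assumptions of this example; the paper's own mechanisms may differ. The timing samples are constructed inline.

```python
import hashlib
import os
import secrets

# Mersenne prime 2^61 - 1: arithmetic mod P stays in Python ints and is cheap.
P = (1 << 61) - 1


class UniversalHashAccumulator:
    """Entropy accumulator based on a polynomial universal hash over GF(P).

    With key k chosen uniformly at random (once, kept secret) the state is
        acc = sum_i m_i * k^i  (mod P)
    over the little-endian 64-bit words m_i of every sample fed in.  For two
    distinct inputs of n words the outputs collide with probability at most
    n/P over the choice of k, which is the universality property the
    leftover-hash-lemma style of extraction relies on.  Assumption: one
    61-bit lane is shown; a real pool would run several keys in parallel to
    reach a wider output.
    """

    def __init__(self, key=None):
        # A fixed key may be passed for reproducible tests; otherwise random.
        self.key = key if key is not None else secrets.randbelow(P - 1) + 1
        self.acc = 0
        self.power = 1      # k^i for the next word
        self.samples = 0    # number of samples fed since the last extract()

    def feed(self, sample: bytes) -> None:
        """Fold one raw sample (any length) into the accumulator."""
        padded = sample + b"\x00" * (-len(sample) % 8)
        for i in range(0, len(padded), 8):
            word = int.from_bytes(padded[i:i + 8], "little") % P
            self.acc = (self.acc + word * self.power) % P
            self.power = (self.power * self.key) % P
        self.samples += 1

    def extract(self) -> int:
        """Return the current 61-bit value and reset the accumulator."""
        out = self.acc
        self.acc, self.power, self.samples = 0, 1, 0
        return out


def seed_from_samples(samples, key=None) -> bytes:
    """Information-theoretic interface: hash raw samples down to an 8-byte seed."""
    acc = UniversalHashAccumulator(key)
    for s in samples:
        acc.feed(s)
    return acc.extract().to_bytes(8, "big")


class ForkSafeGenerator:
    """Computational interface: SHA-256 in counter mode over a secret seed.

    The pid at seeding time is recorded.  If os.getpid() differs when output
    is requested, the process has forked; the child then reseeds from fresh OS
    entropy mixed with the inherited seed before producing a single byte, so
    no two-phase commit between parent and child is needed.
    """

    def __init__(self, seed: bytes):
        self._reseed(seed)

    def _reseed(self, seed: bytes) -> None:
        self.seed = seed
        self.counter = 0
        self.pid = os.getpid()

    def random_bytes(self, n: int) -> bytes:
        if os.getpid() != self.pid:
            # Fork detected: derive a new seed from the old one plus OS entropy.
            self._reseed(hashlib.sha256(self.seed + os.urandom(32)).digest())
        out = b""
        while len(out) < n:
            out += hashlib.sha256(self.seed + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return out[:n]


# Constructed sample input: pretend interrupt-timing deltas, not real measurements.
SAMPLES = [b"\x13\x02", b"\xa7\x00\x01", b"\x44\x10", b"\x01\x00\x00\x00\x00\x00\x00\x00\x09"]

if __name__ == "__main__":
    seed = seed_from_samples(SAMPLES)
    gen = ForkSafeGenerator(seed)
    print(gen.random_bytes(16).hex())
```

The two classes correspond to the two interfaces the abstract argues for: the accumulator's output is only as good as the min-entropy of what was fed in (its security argument is statistical, not computational), while the generator stretches a short seed and is secure only against bounded adversaries. A simulated fork in a test can be performed by overwriting the recorded `pid`, which is what the assertions below do instead of calling `os.fork`.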
