Re: Is /dev/random good enough to generate one-time pads?
> > Subj sez it all.
> Yes, as a matter of fact it is. /dev/random is based on an entropy pool
> taken from hardware interrupts and such, thus is a RNG, not a PRNG
I expect it would be "good enough", but it is not _perfectly_ random, and
so it wouldn't be a true one-time pad.
Because it uses MD5, the bits are not all provably independent. You get
(very strong) cryptographic security instead of perfect security.
The one-time pad is easy to explain in theory, but implementing it
perfectly is extremely difficult. Many people believe that quantum events
are the only source of perfect randomness, but most methods for harvesting
that randomness could introduce statistical properties. For example, a
radioactive substance may have exactly a 50% chance of emitting a particle
given a certain amount of time, but what happens if your timer isn't
perfect?
One-way hashes are good at removing such obvious and not-so-obvious
statistical properties, but like a PRNG, you can't prove that the bits it
produces are all completely independent. It's definitely "good enough",
but it's not perfect.
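Added example, not part of the message above: the points made here (a skewed physical source, hash conditioning that hides the skew without creating entropy, and the pad itself) worked through in Python. The biased source is constructed and seeded so the run is reproducible; SHA-256 stands in for the kernel's MD5 mixing and os.urandom for a read of /dev/random, both assumptions of this example. The min-entropy check is the accounting a practitioner would want before trusting the conditioned output.

```python
import hashlib
import math
import os
import random


def biased_bits(n_bytes, p_one=0.6, seed=1234):
    """Constructed stand-in for an imperfectly sampled physical source.

    Each bit is 1 with probability p_one rather than exactly 0.5, the kind
    of skew an inaccurate timer adds to a decay counter. Seeded so the run
    is reproducible; a real harvester would read hardware instead.
    """
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n_bytes):
        byte = 0
        for _ in range(8):
            byte = (byte << 1) | (1 if rng.random() < p_one else 0)
        out.append(byte)
    return bytes(out)


def ones_fraction(data):
    """Fraction of set bits: a crude first check for bias."""
    total = sum(bin(b).count("1") for b in data)
    return total / (8 * len(data))


def min_entropy_per_bit(p_one):
    """Min-entropy of one biased bit: -log2 of its most likely value."""
    return -math.log2(max(p_one, 1.0 - p_one))


def whiten(raw, chunk=128, digest=hashlib.sha256):
    """Hash conditioning in the spirit of the kernel pool's hash mixing.

    Every `chunk` raw bytes are compressed to one digest. This hides the
    statistical skew but cannot manufacture entropy, so `chunk` must carry
    at least as much min-entropy as the digest is long.
    """
    out = bytearray()
    for i in range(0, len(raw) - chunk + 1, chunk):
        out += digest(raw[i:i + chunk]).digest()
    return bytes(out)


def chunk_is_large_enough(chunk, p_one, digest_bytes=32):
    """True if `chunk` raw bytes hold >= digest_bytes*8 bits of min-entropy."""
    return chunk * 8 * min_entropy_per_bit(p_one) >= digest_bytes * 8


def otp(data, pad):
    """XOR one-time pad; the same call encrypts and decrypts."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the data")
    return bytes(a ^ b for a, b in zip(data, pad))


def pad_from_kernel(n):
    """Pad bytes from the kernel generator (os.urandom). On Linux this is
    the pool /dev/random also draws from: cryptographically strong, but
    not provably independent, which is the caveat the post makes."""
    return os.urandom(n)


if __name__ == "__main__":
    raw = biased_bits(4096)
    print("raw ones fraction      :", round(ones_fraction(raw), 3))
    print("min-entropy per raw bit:", round(min_entropy_per_bit(0.6), 3))
    print("128-byte chunk ok      :", chunk_is_large_enough(128, 0.6))
    print("whitened ones fraction :", round(ones_fraction(whiten(raw)), 3))

    msg = b"attack at dawn"
    pad = pad_from_kernel(len(msg))
    ct = otp(msg, pad)
    assert otp(ct, pad) == msg
    print("ciphertext:", ct.hex())
```

The whitened output passes the ones-count check that the raw source fails, which is the "good enough" of the post; the min-entropy check is what keeps the compression honest. Shrink the chunk below what chunk_is_large_enough accepts and the hash still looks uniform while the pad is, in fact, short of entropy.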