Bcc: Blind Recipients List:;
Subject: Why hardware random numbers?
Message-ID: <[email protected]>
I don't understand the desire for hardware-based random number generators.
It seems to me that a decent software RNG would be adequate for
the main uses that I have heard of for RNGs (mostly session key
generation).
Seed the RNG initially with a nice random set of characters typed in
by the user, plus timing information based on the rate of timing of
those characters. Also use the local system clock, and possibly a
hash of some sectors of the disk or some files on /tmp. Create a pool
of random numbers in this way.
As you use them, refill the pool, making the refilled bytes a function
of the current system clock, and whatever message you are encrypting
(or some other appropriate global state).
Use a nice strong RNG based on DES, MD5, IDEA, or some other cypher or
hash function.
I don't think anyone could break the resulting random stream without
a physical attack on your computer. Why pay $50 to $200 for a hardware
device when you can get the same effect in software that already exists?
Both PGP and RIPEM, I think, use the above techniques for their random
numbers.
Hal
[email protected]
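The pool-based generator the message sketches, written out as an added example by the editor (not code from Hal's message, and not the actual PGP or RIPEM implementation): SHA-256 stands in for the MD5/DES/IDEA primitives named in the post, the keystroke sample is constructed, and the per-keystroke entropy credit of 2 bits and the 128-bit floor before output are the example's own assumptions. It shows the three parts of the scheme: seeding from typed characters plus their timing, mixing in the clock and file contents, and refilling the pool after each output from the clock and the message being handled.

```python
import hashlib
import struct
import time


class PoolRNG:
    """Hash-based entropy pool of the kind the message sketches.

    SHA-256 stands in for the MD5/DES/IDEA primitives the post names
    (assumption: any strong hash or cipher can fill this role).
    """

    MIN_ENTROPY_BITS = 128  # assumption: refuse output until this much is seeded

    def __init__(self):
        self.pool = bytes(32)
        self.counter = 0
        self.entropy_bits = 0.0  # conservative running estimate of what was mixed in

    def mix(self, data: bytes, entropy_bits: float = 0.0) -> None:
        """Fold `data` into the pool and credit it with an entropy estimate."""
        self.pool = hashlib.sha256(b"mix" + self.pool + data).digest()
        self.entropy_bits += entropy_bits

    def seed_from_keystrokes(self, keystrokes, bits_per_key: float = 2.0) -> None:
        """Seed from (char, timestamp_ns) pairs: the typed text plus the
        inter-key timing, as the message suggests. `bits_per_key` is a
        deliberately conservative credit for timing jitter (assumption)."""
        prev = None
        for ch, t_ns in keystrokes:
            delta = 0 if prev is None else abs(t_ns - prev)
            prev = t_ns
            self.mix(ch.encode() + struct.pack(">Q", delta), bits_per_key)

    def seed_from_clock(self, now_ns=None) -> None:
        """Mix the system clock. Credited with zero entropy: an attacker can guess it."""
        if now_ns is None:
            now_ns = time.time_ns()
        self.mix(struct.pack(">Q", now_ns), 0.0)

    def seed_from_file(self, path: str, bits: float = 0.0) -> None:
        """Hash a file into the pool (the post's /tmp or disk-sector idea).
        Default credit is zero, since file contents may be predictable."""
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        self.mix(h.digest(), bits)

    def generate(self, n: int, refill: bytes = b"", now_ns=None) -> bytes:
        """Emit n bytes, then refill the pool from the clock and `refill`
        (e.g. the message being encrypted), as the post describes."""
        if self.entropy_bits < self.MIN_ENTROPY_BITS:
            raise RuntimeError(f"only {self.entropy_bits:.0f} bits of entropy seeded")
        out = b""
        while len(out) < n:
            block = b"out" + self.pool + struct.pack(">Q", self.counter)
            out += hashlib.sha256(block).digest()
            self.counter += 1
        # Refill: hashing the pool forward means a later pool state does not
        # hand back the state that produced earlier output.
        self.seed_from_clock(now_ns)
        self.mix(refill, 0.0)
        return out[:n]


# Constructed sample: 70 keystrokes at ~90 ms spacing with a little jitter.
_BASE_NS = 1_700_000_000_000_000_000
SAMPLE_KEYSTROKES = [
    (c, _BASE_NS + i * 90_000_000 + ((i * 7919) % 23) * 1_000_000)
    for i, c in enumerate("the quick brown fox jumps over the lazy dog while typing a seed phrase")
]


def demo_session_key(keystrokes, now_ns: int = 1_000_000_000_000) -> bytes:
    """Seed a pool as the post describes and draw one 128-bit session key.
    A fixed clock value is passed in so the demonstration is repeatable."""
    rng = PoolRNG()
    rng.seed_from_keystrokes(keystrokes)
    rng.seed_from_clock(now_ns)
    return rng.generate(16, refill=b"constructed plaintext", now_ns=now_ns + 5)


if __name__ == "__main__":
    print(demo_session_key(SAMPLE_KEYSTROKES).hex())
```

The entropy bookkeeping is what the scheme lives or dies on: the clock and file hashes are mixed in but credited with nothing, so the generator refuses to emit anything until enough keystroke timing has been collected, and a change of a single millisecond in one keystroke changes every later output. A caller who needs keys on a modern system should take them from the operating system's generator (os.urandom or the secrets module) rather than re-implementing the pool.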