[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

No Subject



Bcc: Blind Recipients List:;
Subject: Why hardware random numbers?
Message-ID: <[email protected]>

I don't understand the desire for hardware-based random number generators.
It seems to me that a decent software RNG would be adequate for
the main uses that I have heard of for RNG's (mostly session key
generation).

Seed the RNG initially with a nice random set of characters typed in
by the user, plus timing information based on the rate of timing of
those characters.  Also use the local system clock, and possibly a
hash of some sectors of the disk or some files on /tmp.  Create a pool
of random numbers in this way.

As you use them, refill the pool, making the refilled bytes a function
of the current system clock, and whatever message you are encrypting
(or some other appropriate global state).

Use a nice strong RNG based on DES, MD5, IDEA, or some other cypher or
hash function.

I don't think anyone could break the resulting random stream without
a physical attack on your computer.  Why pay $50 to $200 for a hardware
device when you can get the same effect in software that already exist?
Both PGP and RIPEM, I think, use the above techniques for their random
numbers.

Hal
[email protected]