[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is /dev/random good enough to generate one-time pads?



-----BEGIN PGP SIGNED MESSAGE-----

On Thu, 28 Nov 1996, Steve Reid wrote:

> > > Subj sez it all.
> > Yes, as a matter of fact it is.  /dev/random is based on an entropy pool
> > taken from hardware interrupts and such, thus is a RNG, not a PRNG
> 
> I expect it would be "good enough", but it is not _perfectly_ random, and 
> so it wouldn't be a true one-time pad.
> 
> Because it uses MD5, the bits are not all provably independent. You get 
> (very strong) cryptographic security instead of perfect security.
> 
> The one-time pad is easy to explain in theory, but implementing it
> perfectly is extremely difficult. Many people believe that quantum events
> are the only source of perfect randomness, but most methods for harvesting
> that randomness could introduce statistical properties. For example, a
> radioactive substance may have exactly a 50% chance of emitting a particle
> given a certain amount of time, but what happens if your timer isn't
> perfect? 
> 
> One-way hashes are good at removing such obvious and not-so-obvious
> statistical properties, but like a PRNG, you can't prove that the bits it
> produces are all completely independent. It's definately "good enough",
> but it's not perfect. 

One the same note, I must say that implimentation of OTP perfectly is
impossible; you can _never_ prove you have truly random numbers.  The
point is that if the numbers are reasonably independant of each other (i
know -- sortof a contradiction) then they are, as you said, good enough.

The real problem with OTP is still key exchange ;)

 --Deviant
   PGP KeyID = E820F015 Fingerprint = 3D6AAB628E3DFAA9 F7D35736ABC56D39

All extremists should be taken out and shot.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQEVAwUBMp5lHzCdEh3oIPAVAQEFxQf9EYQtOcxuNCyHE0VN309pT4ZqHiOCmDHK
+rxy6/M9EDJSywJTd7GC/cVwenHBiR7PjSpJ4tWxTvRrcM58BcF6x0BqSioDpUCj
MBOW+SqYSRtUSEdvdNwdrqKfbZbOQK9dkZ9Dznczj5OKacUJKHdb1A1bfPQPDMh8
1YaOUXTHlcXqX6bOMZ+4Jt2JT8A7dI2EJUxuWIwF3nDyaLW7m8qi5w6k1090Y/3x
4lQinZQIcGZ57J57UP+JfzssbM5RnbVgJTxT+VSVf9QrxrHmZfQTJo0uJ2qC0NwS
LPaNT8eQ6MEWdFJMEI4bGNMWec4yw/3UhKHhAPVkT51Teap3DzIeAQ==
=tx76
-----END PGP SIGNATURE-----