Justified paranoia re. RNGs

Posted Mar 30, 2012 15:47 UTC (Fri) by hmh (subscriber, #3838)
In reply to: Russell: Sources of Randomness for Userspace by alankila
Parent article: Russell: Sources of Randomness for Userspace

Yes, a very high level of paranoia is justified when dealing with RNGs that are going to be used in crypto.

Depending on the type of cryptography (and mode of operation) being used, a flawed RNG will allow an attacker to derive some key material or even the entire key at once.

That does mean you need a strong RNG at all times to be safe, not just when generating persistent keys. In practice, it means you have to avoid like the plague any crypto that depends on the quality of the RNG on *both* sides to avoid disaster...

I will leave it to an expert to explain which classes of crypto algorithms and modes of operation are more resistant to bad RNGs.
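The point hmh makes about a flawed RNG leaking key material, and about needing a strong RNG at signing time rather than only at key generation, can be made concrete with a small worked example. The code below is an added illustration, not part of the LWN article or this comment: it builds a toy Schnorr-style signature over a constructed safe-prime group (the parameters are searched for at import time and are far too small for real use), shows that two signatures whose per-signature nonce came from a PRNG reseeded with the same low-entropy value give away the whole private key with one modular division, and then shows the usual mitigation of deriving the nonce deterministically from the key and message (a simplified version of the RFC 6979 idea, not the RFC's exact construction), which removes the signing path's dependence on RNG quality altogether. All names (`weak_nonce`, `deterministic_nonce`, `recover_key`, `demo`) and sample messages are assumptions of this example.

```python
"""Added example: a flawed nonce RNG leaks a signing key; a deterministic
nonce removes the RNG from the signing path. Toy parameters, constructed
here and not taken from any standard; never reuse for real signatures."""
import hashlib
import hmac
import random

# Deterministic Miller-Rabin: exact for n < 3.3e24 with this base set.
_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_prime(n):
    if n < 2:
        return False
    for b in _BASES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Smallest odd q >= start such that q and p = 2q + 1 are both prime."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return q


Q = find_safe_prime(1 << 61)  # prime subgroup order (~62 bits, toy size)
P = 2 * Q + 1                 # field prime
G = 4                         # 4 = 2^2 is a quadratic residue, so its order is Q


def _hash_to_scalar(r, msg):
    """Challenge e = H(r || m) reduced into the scalar field."""
    return int.from_bytes(hashlib.sha256(r.to_bytes(16, "big") + msg).digest(), "big") % Q


def keygen(rng):
    x = rng.randrange(1, Q)          # private key
    return x, pow(G, x, P)           # (private, public)


def sign(x, msg, k):
    """Schnorr signature (e, s) with a caller-supplied nonce k in [1, Q)."""
    r = pow(G, k, P)
    e = _hash_to_scalar(r, msg)
    s = (k - x * e) % Q
    return e, s


def verify(y, msg, sig):
    e, s = sig
    r = (pow(G, s, P) * pow(y, e, P)) % P   # g^s * y^e = g^(k - xe) * g^(xe) = g^k
    return _hash_to_scalar(r, msg) == e


def weak_nonce(seed):
    """Models a signer that reseeds its PRNG from a low-entropy value on every call,
    so independent signing operations can draw the same nonce."""
    return random.Random(seed).randrange(1, Q)


def deterministic_nonce(x, msg):
    """Nonce derived from key and message (simplified RFC 6979 idea, not the RFC's
    construction): no RNG is consulted, so nonce quality cannot fall below key quality."""
    mac = hmac.new(x.to_bytes(16, "big"), msg, hashlib.sha256).digest()
    return 1 + int.from_bytes(mac, "big") % (Q - 1)


def recover_key(sig1, sig2):
    """Two signatures sharing a nonce k: s1 - s2 = x(e2 - e1), so x = (s1 - s2)/(e2 - e1) mod Q.
    Returns None when the challenges coincide (same message and nonce: nothing new leaks)."""
    e1, s1 = sig1
    e2, s2 = sig2
    if e1 == e2:
        return None
    return ((s1 - s2) * pow(e2 - e1, -1, Q)) % Q


def demo():
    x, y = keygen(random.Random(12345))        # constructed key; seed only for reproducibility
    m1, m2 = b"transfer 10", b"transfer 9000"  # constructed sample messages
    bad1 = sign(x, m1, weak_nonce(1337))       # both nonces come from a PRNG seeded
    bad2 = sign(x, m2, weak_nonce(1337))       # with the same low-entropy value
    leaked = recover_key(bad1, bad2)           # equals x: the whole key from two signatures
    good1 = sign(x, m1, deterministic_nonce(x, m1))
    good2 = sign(x, m2, deterministic_nonce(x, m2))
    guess = recover_key(good1, good2)          # distinct nonces: the division yields garbage
    ok = all(verify(y, m, s) for m, s in ((m1, bad1), (m2, bad2), (m1, good1), (m2, good2)))
    return {"x": x, "leaked": leaked, "guess": guess, "all_verify": ok}


if __name__ == "__main__":
    print(demo())
```

All four signatures verify, so nothing in the protocol flags the weak signer; the only defence is never letting the nonce depend on an RNG that might be poor at signing time. The deterministic variant still needs a good RNG once, at key generation, which is exactly the weaker requirement the comment contrasts with needing it "at all times".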



Copyright © 2013, Eklektix, Inc.