Posted Mar 30, 2012 16:41 UTC (Fri) by man_ls
In reply to: Russell: Sources of Randomness for Userspace
Parent article: Russell: Sources of Randomness for Userspace
Why, random numbers are incredibly complex. Try asking someone to give you a few random numbers and check them for patterns. Or just try to play rock-paper-scissors with the random strategy. I have won some of these rps simulators, and boy is it exhausting!
How do you find random numbers in Nature? You can expect to find noise from many sources, but there are many different types of noise: white, brown, pink. Each one has its own characteristics; you would have to use a filter for each of them if you want good, old white noise, or you are losing entropy bits. Even with a source of white noise, you have to normalize it and remove any non-random components that may appear (either from the noise source or from your equipment). And even if you make sure that you are getting random values using all the tests you know, someone may come along and find a regularity you did not think of, and put your "random" source to shame.
With pseudo-random number generators (which cause, as you will know, a state of sin) you can never be sure either. Sure, the period can be huge, but that only speaks about repeating values. The big question is again: what hidden regularities are there in any algorithm that we don't know about?
/dev/urandom is a nice trick, but in fact you are only brushing the problem under the carpet: is the kernel's PRNG implementation good enough for you? Does it get entropy from any sources, or is it just going through the PRNG sequence? In fact it may be even worse than your own algorithm, since you may be trusting it to be secure (getting some entropy from somewhere) when in fact it is not. So, /dev/urandom is not good enough to be happy for cryptographic applications. And crypto is not so esoteric these days: any programmer worth their salt should be able to hash passwords (pun intended but not deployed).
For me, haveged is a great concept because it should make /dev/urandom quite secure (and make you really happy), but I share drag's reservations about VMs.
to post comments)