[Courses] [Security] Generating Random bits

Jacinta Richardson jarich at perltraining.com.au
Fri Aug 16 11:41:06 EST 2002


> Put that way, yes, it is _possible_ but highly unlikely that two people
> end up with the same number. hmm.... what are the general sources of
> randomness people use to issue key pairs? 

From the "Handbook of Applied Cryptography"
(http://theory.lcs.mit.edu/~rivest/crypto-security.html)

A (true) random bit generator requires a naturally occurring source of
randomness.  Designing a hardware device or software program to exploit
this randomness and produce a bit sequence that is free of biases and
correlations is a difficult task.  Additionally, for most cryptographic
applications, the generator must not be subject to observation or
manipulations by an adversary.

Random bit generators based on natural sources of randomness are subject
to influence by external factors, and also to malfunction. It is
imperative that such devices be tested periodically using statistical
tests.

Hardware based random bit generators exploit the randomness which occurs
in some physical phenomena.  Examples of such physical phenomena include:
	1. elapsed time between emission of particles during radioactive decay
	2. thermal noise from a semiconductor diode or resistor
	3. the frequency instability of a free running oscillator
	4. the amount a metal insulator semiconductor capacitor is charged during a fixed period of time
	5. air turbulence within a sealed disk drive which causes random fluctuations in disk drive sector read latency times
	6. sound from a microphone or video input from a camera
	7. position of suspended substances in unevenly heated medium (think lava lamps)

Designing a random bit generator in software is even more difficult than
in hardware.  Processes upon which software random bit generators may be
based include:
	1. the system clock (low order bits)
	2. elapsed time between keystrokes or mouse movement (low order bits)
	3. content of input/output buffers (low order bits)
	4. user input
	5. operating system values such as system load and network statistics.

The behaviour of such processes can vary considerably depending on various
factors, such as the computer platform.  A well-designed software random
bit generator should utilize as many good sources of randomness as are
available.  Using many sources guards against the possibility of a few of
the sources failing or being observed or manipulated by an adversary.




--
   ("`-''-/").___..--''"`-._          |  Jacinta Richardson	    |
    `6_ 6  )   `-.  (     ).`-.__.`)  |  Perl Training Australia    |
    (_Y_.)'  ._   )  `._ `. ``-..-'   |      +613 9354 6001 	    |  
  _..`--'_..-_/  /--'_.' ,'           | contact at perltraining.com.au |
(il),-''  (li),'  ((!.-'              |   www.perltraining.com.au   |
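
The bias problem and the periodic statistical testing described in the message above, as an added example that is not part of the original post or of the Handbook: a frequency (monobit) test, plus von Neumann de-skewing, a technique the post does not mention. The skewed source is a constructed, seeded simulation and every function name is illustrative.

```python
import random

# Chi-square critical value, 1 degree of freedom, significance level 0.05.
CHI2_1DOF_5PCT = 3.8415


def monobit_statistic(bits):
    """Frequency statistic X1 = (n0 - n1)^2 / n; large values mean bias."""
    n = len(bits)
    if n == 0:
        raise ValueError("need at least one bit")
    n1 = sum(bits)
    n0 = n - n1
    return (n0 - n1) ** 2 / n


def passes_monobit(bits, threshold=CHI2_1DOF_5PCT):
    return monobit_statistic(bits) <= threshold


def von_neumann_deskew(bits):
    """Pairs 10 -> 1, 01 -> 0; 00 and 11 are discarded.
    Removes bias only if the input bits are independent of each other."""
    return [a for a, b in zip(bits[0::2], bits[1::2]) if a != b]


def constructed_biased_source(n, p_one=0.7, seed=2002):
    """Constructed stand-in for a skewed physical source (assumption:
    70% ones). A seeded PRNG is NOT an entropy source; demo input only."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def health_report(n=20000):
    raw = constructed_biased_source(n)
    fixed = von_neumann_deskew(raw)
    return {
        "raw_ones": sum(raw) / len(raw),
        "raw_X1": monobit_statistic(raw),
        "raw_pass": passes_monobit(raw),
        "deskewed_bits": len(fixed),
        "deskewed_ones": sum(fixed) / len(fixed),
        "deskewed_X1": monobit_statistic(fixed),
    }


if __name__ == "__main__":
    for key, value in health_report().items():
        print(f"{key:>14}: {value}")
```

Passing the frequency test is necessary but not sufficient: the sequence 0101... passes it while being fully predictable, so it is one check among several rather than proof of randomness.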



