Cryptographic systems need cryptographically strong (pseudo) random numbers that cannot be guessed by an attacker. Random numbers are typically used to generate session keys, and their quality is critical for the quality of the resulting systems. The random number generator is easily overlooked, and can easily become the weakest point of the cryptosystem.

Some machines may have special-purpose hardware noise generators. Noise from the leakage current of a diode or transistor, the least significant bits of audio inputs, times between interrupts, etc. are all good sources of randomness when processed with a suitable cryptographic hash function. It is a good idea to acquire true environmental noise whenever possible.

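The hashing step described above, as an added example that is not part of the original page: a small pool that mixes low-quality noise samples through SHA-256 and refuses to emit output until enough entropy has been credited. The class `NoisePool`, the 256-bit threshold, the per-sample entropy estimates and the user-space timer used as a stand-in for interrupt timing are all assumptions made for illustration.

```python
import hashlib
import time


class NoisePool:
    """Condense weak, biased noise samples into key material via SHA-256."""

    MIN_BITS = 256  # assumed threshold: credit this much before any output

    def __init__(self):
        self._hash = hashlib.sha256(b"noise-pool-example")
        self._credited = 0.0
        self._counter = 0

    def add_sample(self, sample: bytes, est_bits: float) -> None:
        # Length-prefix so sample boundaries cannot be shifted to collide.
        self._hash.update(len(sample).to_bytes(4, "big") + sample)
        # Never credit more entropy than the sample has bits.
        self._credited += max(0.0, min(est_bits, 8 * len(sample)))

    def ready(self) -> bool:
        return self._credited >= self.MIN_BITS

    def extract(self, n: int) -> bytes:
        """Return n output bytes; refuse while the pool is under-seeded."""
        if not self.ready():
            raise RuntimeError("insufficient entropy credited")
        seed = self._hash.copy().digest()  # snapshot of everything mixed in
        out = b""
        while len(out) < n:
            self._counter += 1  # counter persists, so repeated calls differ
            block = seed + self._counter.to_bytes(8, "big")
            out += hashlib.sha256(b"out" + block).digest()
        return out[:n]


def timing_sample() -> bytes:
    """Low byte of a timer delta: a user-space stand-in for interrupt timing."""
    t0 = time.perf_counter_ns()
    time.sleep(0)  # yield to the scheduler so the delta picks up jitter
    return ((time.perf_counter_ns() - t0) & 0xFF).to_bytes(1, "big")


if __name__ == "__main__":
    pool = NoisePool()
    while not pool.ready():
        pool.add_sample(timing_sample(), est_bits=0.5)  # assumed, conservative
    print(pool.extract(16).hex())
```

On a general-purpose operating system the kernel generator (`os.urandom` in Python) already performs this kind of collection and is the right source for real keys.
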
One cryptographic random number generator is Yarrow by Counterpane. A good page to search for further material on (statistical) pseudo-random number generators is the pLab site. Any cryptographically good pseudo-random number generator should pass all the basic tests for statistical randomness.