|
 |
 Cryptographic systems need cryptographically strong (pseudo) random numbers that cannot be guessed by an attacker. Random numbers are typically used to generate session keys, and their quality is critical for the quality of the resulting systems. The random number generator is easily overlooked, and can easily become the weakest point of the cryptosystem. Some machines may have special purpose hardware noise generators. Noise from the leak current of a diode or transistor, least significant bits of audio inputs, times between interrupts, etc. are all good sources of randomness when processed with a suitable cryptographical hash function. It is a good idea to acquire true environmental noise whenever possible. One cryptographical random number generator is Yarrow by Counterpane. A good page to search for further material on (statistical) pseudo-random number generators is the pLab site. Any cryptographically good pseudo-random number generator should pass all the basic tests for statistical randomness. |
