Fw: testing quality of a /dev/random

Sam Roberts sam at cogent.ca
Wed Mar 15 11:00:43 CET 2000

Thanks Enzo and Werner.

I found the references on RNGs and learned a bunch. Looks like
the newer Linux random driver is using an approach more like
Yarrow, though they don't mention it in the source.

Very helpful.


p.s. Werner - I'll upload random drivers for QNX4 and Neutrino
when I've done the latter, and added some necessary code for
detection of the presence of the Pentium TSC.

Previously, you (Enzo Michelangeli) wrote:
> Sam,
> My personal opinion about random number generators can be summarized as
> follows:
> 1. A good "random" sequence is one that is unguessable by an adversary. Good
> statistical properties are a necessary, but not sufficient, condition for
> that.
> 2. A cryptographically sound pseudo-random number generator (PRNG) is good
> enough, as long as its internal state is also unguessable. This requires
> one-way algorithms preventing the attacker from back-stepping it, and a
> large (say, > 128-bit) amount of internal state to prevent brute-force
> attacks.
> 3. As PRNG's are deterministic machines, they must be initialized by
> "seeding" them with true random data (entropy) collected from the physical
> world. Once this is done, say with N bits of entropy, the PRNG may be safely
> assumed to churn out sequences whose brute-force guessing requires a number
> of attempts in the region of 2**N. A few years ago Netscape, in the SSL
> implementation for Navigator 2, used a value too small for N, and they got
> busted by Ian Goldberg and David Wagner. The most difficult part here is
> determining how large N is for some typical entropy sources (mouse
> movements, disk jitter, UNIX process table content etc.).
> If you are interested in these matters, you may want to have a look at the
> documentation of Yarrow ( http://www.counterpane.com/yarrow.html )
> containing in-depth analysis of design guidelines for good (P)RNG's and a
> description of the most common attacks against them.
> Cheers --
> Enzo

Sam Roberts, sroberts at uniserve dot com, www.emyr.net/Sam
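The three points Enzo makes above (one-way state update, a state that must stay secret, and security bounded by the N bits of seed entropy) can be shown in a few dozen lines. The code below is an added illustration written for this page; it is not the Linux random driver, the GnuPG code, or Yarrow itself. It assumes a hash-based design (SHA-256 standing in for the one-way function) and constructs its own small seeds; the seed sizes and the "leaked state" scenario are made up for the demonstration.

```python
import hashlib


class HashPRNG:
    """Toy generator built the way Enzo's point 2 describes: 256 bits of internal
    state that is only ever advanced through a one-way function (SHA-256 here),
    so learning the current state does not let an attacker back-step to earlier
    output. Illustrative code only, not any real driver."""

    def __init__(self, seed: bytes):
        # Whatever the seed's real entropy, the state is always 256 bits wide.
        # Width alone buys nothing: the state is only as unguessable as the seed.
        self.state = hashlib.sha256(b"seed" + seed).digest()

    @classmethod
    def from_state(cls, state: bytes) -> "HashPRNG":
        # Rebuild a generator from a captured internal state (attacker's view).
        gen = cls.__new__(cls)
        gen.state = state
        return gen

    def reseed(self, entropy: bytes) -> None:
        # Point 3: fold fresh physical entropy into the state. Because the old
        # state is hashed together with the new input, an attacker who knew
        # the old state loses track once enough new entropy has been mixed in.
        self.state = hashlib.sha256(b"reseed" + self.state + entropy).digest()

    def next_block(self) -> bytes:
        # Output is one hash of the state; the state is then replaced by a
        # different hash of itself. Going from the new state back to the old
        # one (and hence to earlier output) would mean inverting SHA-256.
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"step" + self.state).digest()
        return out


def brute_force_seed(observed: bytes, entropy_bits: int):
    """Recover the seed of a generator that was seeded with only
    `entropy_bits` bits of entropy (modelled as a small integer), given one
    observed output block. This is the attack Enzo attributes to Goldberg and
    Wagner: the work factor is about 2**N tries, so a small N is fatal no
    matter how strong the hash is."""
    seed_len = (entropy_bits + 7) // 8
    for candidate in range(1 << entropy_bits):
        seed = candidate.to_bytes(seed_len, "big")
        if HashPRNG(seed).next_block() == observed:
            return candidate
    return None


def predict_after_state_leak(seed: bytes, blocks_before_leak: int, blocks_after: int):
    """Point 2 again: a leaked internal state lets an attacker reproduce all
    future output exactly, even though past output stays out of reach."""
    victim = HashPRNG(seed)
    for _ in range(blocks_before_leak):
        victim.next_block()
    attacker = HashPRNG.from_state(victim.state)   # constructed leak
    victim_future = [victim.next_block() for _ in range(blocks_after)]
    attacker_guess = [attacker.next_block() for _ in range(blocks_after)]
    return victim_future == attacker_guess


def demo_low_entropy(entropy_bits: int = 16, seed_value: int = 0xBEEF):
    """Seed with only 16 bits (a constructed, deliberately bad N) and show the
    seed falls to an exhaustive search in at most 2**16 attempts."""
    seed = seed_value.to_bytes((entropy_bits + 7) // 8, "big")
    observed = HashPRNG(seed).next_block()
    return brute_force_seed(observed, entropy_bits)


if __name__ == "__main__":
    print("recovered seed: %#x" % demo_low_entropy())
    print("future predictable after state leak:",
          predict_after_state_leak(b"some seed", 3, 4))
```

The practical reading is Enzo's: a 16-bit seed is broken instantly, a 128-bit seed is not, and the hash function is the same in both cases. Reseeding with new physical entropy is what limits the damage of a state compromise; a generator that never reseeds stays predictable forever once its state is known.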

More information about the Gnupg-devel mailing list