Date: 07 Feb 2002 04:05:00 +0100
From: Artur Grabowski <art@blahonga.org>
To: <robin@wizardsworks.org>
Cc: deraadt@openbsd.org, bugs@openbsd.org, bugs@freebsd.org
Subject: Re: Crypto Secure Random Numbers
Message-ID: <87vgdaq9er.fsf@kaka.blahonga.org>
In-Reply-To: <robin@wizardsworks.org>'s message of "Wed, 6 Feb 2002 13:17:29 -0800 (PST)"
References: <Pine.LNX.4.21.0202061316380.22559-100000@wizardsworks.org>
<robin@wizardsworks.org> writes:

> The solution:
>
> ----------------8<-----------------8<--------------------8<------------------
> # include <stdio.h>
> # include <stdlib.h>
> # include <sys/time.h>
> # include <unistd.h>
>
> /*
> Theory of operation:
> When gettimeofday(2) is called, the microseconds value returned is unknown
> and unpredictable. It is therefore a source of entropy. By introducing a
[...]
> When the above program is compiled and run on FreeBSD or OpenBSD, you will
> find that it produces 20 numbers whose value cannot be predicted. When
> you run the program again, you will also find that it produces 20 numbers
> whose value cannot be predicted.
>
> I propose that a new pseudo-device be added to either or both of FreeBSD and
> OpenBSD, fulfilling the same purpose as "/dev/random", but which uses the
> technique illustrated above to produce Crypto-Secure Random Numbers.
> Importantly, the pseudo-device should only generate numbers on demand.
> This way, the numbers will be unpredictable.

You've got to be kidding.

Please, please, please take a basic course in cryptography before your next
idea on how to "improve" random number generation. I know that you think that
all respected cryptographers are stupid, but can't you at least take the course
to catch the basics? Because your complete lack of understanding of how
randomness works is not even funny anymore. It's embarrassing. Don't you
understand that you're making a complete fool out of yourself?

I took the liberty to adapt your algorithm to produce a more usable stream of
random numbers. I took 10 minutes to generate 32k (and that is probably not
enough to get very good analysis results, but it at least points us in the
right direction and I don't have time to wait for more). I also generated 32k
using the good old random(3). Then I ran a set of standard tests on the
streams.
Oh, and please note that the machine on which this was running was at the
same time used for surfing the web and some other compilations, while
running X, so there is a big element of environmental noise in that output.

Entropy:
  your      - 6.81 bits per byte
  random(3) - 7.99

gzip:
  your      - compressed down to 42% of original size
  random(3) - file size grew with something that looked like a header.

chi square:
  your      - 0.01%
  random(3) - 5%
  (more than 99% or less than 1% is definitely not random, more than 95% or
  less than 5% is very suspect, more than 90% or less than 10% is slightly
  suspect, other results indicate that the input could be random).

monte carlo pi:
  your      - 3.085881707
  random(3) - 3.145211500

I'm sorry, but experience shows that it's safer to use random(3) or even
rand48(3) than anything that you have invented. This time there is not even a
need to explain the theory of why your new randomness collection method sucks.
Simple tests show that it's completely useless.

//art
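The four figures quoted in the reply (entropy per byte, gzip ratio, chi-square percentage, Monte Carlo pi) are the same set the ent(1) utility reports, and they are cheap to reproduce. The block below is an added example, not the poster's program and not the tool the reply used: it implements those checks from scratch in Python and runs them over two constructed 32 KiB streams, a seeded Mersenne Twister standing in for a well-behaved generator and a "clustered" stream constructed to mimic a poorly mixed timing source whose output bytes mostly fall in a narrow range. The function names, the seed, the clustered-stream shape and the use of the Wilson-Hilferty approximation for the chi-square tail are all assumptions of this example.

```python
"""Added example: ent(1)-style statistics for judging a byte stream.

Not the original poster's program nor the tool used in the reply. The two
input streams are constructed here so the example runs offline.
"""
import math
import random
import zlib
from collections import Counter

SAMPLE_BYTES = 32 * 1024   # 32k, the sample size used in the message


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (max 8.0)."""
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Compressed size over original size; random data does not shrink."""
    return len(zlib.compress(data, 9)) / len(data)


def chi_square(data: bytes) -> float:
    """Chi-square statistic of the 256 byte frequencies against uniform."""
    counts = Counter(data)
    expected = len(data) / 256
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def chi_square_tail(chi: float, dof: int = 255) -> float:
    """Probability that a uniform source yields a statistic >= chi.

    Wilson-Hilferty normal approximation (assumption of this example; ent(1)
    uses an exact routine). Accurate to a few percent at 255 d.o.f.
    Values near 0 or 1 mean the byte frequencies are far from uniform.
    """
    k = dof
    z = ((chi / k) ** (1 / 3) - (1 - 2 / (9 * k))) / math.sqrt(2 / (9 * k))
    return 0.5 * math.erfc(z / math.sqrt(2))


def monte_carlo_pi(data: bytes) -> float:
    """Each 6 bytes form a 24-bit (x, y) point in the unit square; the share
    inside the quarter circle estimates pi/4."""
    scale = float(2 ** 24 - 1)
    inside = points = 0
    for i in range(0, len(data) - 5, 6):
        x = int.from_bytes(data[i:i + 3], "big") / scale
        y = int.from_bytes(data[i + 3:i + 6], "big") / scale
        points += 1
        if x * x + y * y <= 1.0:
            inside += 1
    return 4.0 * inside / points


def uniform_stream(n: int = SAMPLE_BYTES, seed: int = 2002) -> bytes:
    """Constructed stand-in for a well-behaved generator: seeded Mersenne
    Twister bytes. Deterministic for the example; not a CSPRNG."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def clustered_stream(n: int = SAMPLE_BYTES, seed: int = 2002) -> bytes:
    """Constructed stand-in for a poorly mixed timing source: 15 of 16 bytes
    are a 'small delta' in 0..63, the rest span the full range. Illustrative
    only; it does not reproduce the proposal quoted above."""
    rng = random.Random(seed)
    out = bytearray()
    for _ in range(n):
        out.append(rng.randrange(256) if rng.randrange(16) == 0 else rng.randrange(64))
    return bytes(out)


def report(data: bytes) -> dict:
    """All four statistics for one stream."""
    chi = chi_square(data)
    return {
        "entropy_bits_per_byte": entropy_bits_per_byte(data),
        "gzip_ratio": compression_ratio(data),
        "chi_square": chi,
        "chi_square_tail": chi_square_tail(chi),
        "monte_carlo_pi": monte_carlo_pi(data),
    }


if __name__ == "__main__":
    for name, stream in (("clustered", clustered_stream()), ("uniform", uniform_stream())):
        print(name)
        for key, value in report(stream).items():
            print(f"  {key:22s} {value:.6f}")
```

The clustered stream scores well below 8 bits per byte, compresses noticeably, has a chi-square tail probability indistinguishable from zero and pushes the pi estimate toward 4 (almost every point lands inside the quarter circle), which is the same pattern of failures the reply reports for the proposed source. None of these tests can prove a source is secure, but failing any of them is enough to reject it.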