Salut, Michael,
On Tue, 20 May 2008 13:41:41 -0400, Michael Holstein wrote:
> Smoke Detector + Webcam = cheapo RNG
We were talking about PRNGs here, which are highly complex mathematical
constructs, not hardware RNGs, which are also slightly hairy though.
There are a couple of books on PRNG design, and even if you read them
you probably still need a couple of years to design a secure PRNG.
> I know some highly secure operations (eg: web casinos, using Geiger
> counters and background radiation) use a version of this for their
> RNGs, and random.org does it with RF (radios listening to static) ..
> do patches exist for OpenSSL to use hardware devices? (short of a
> hack to take something like the above and pipe it to /dev/random,
> etc).
OpenSSL would probably be slightly the wrong place to do this. The BSD
systems tend to have kernel drivers for various hardware random
sources, XORing them into each other to eliminate the problem with weak
random sources. You can then distill this through the /dev/random
device. OpenSSL needs a build flag to make use of this additional
random material then, I think they add a certain amount of random
material to their MD on each iteration.
Please note that even hardware random sources are of quite varying
quality. Like you said, a Geiger counter provides you with quite
high-quality random numbers since, to our knowledge, quantum effects
are rather hard to predict. You can also use hard disk seek times as a
RNG source, but the quality is rather poor in this case, and you should
only use it in addition to other sources.
Tonnerre
--
SyGroup GmbH
Tonnerre Lombard
Solutions Systematiques
Tel:+41 61 333 80 33 Güterstrasse 86
Fax:+41 61 383 14 67 4053 Basel
Web:www.sygroup.ch tonnerre.lombard@xxxxxxxxxx
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/