CPRNGs are still an issue.
James A. Donald
jamesd at echeque.com
Wed Dec 10 19:46:51 EST 2008
Jack Lloyd wrote:
> I think the situation is even worse outside of the
> major projects (the OS kernels crypto implementations
> and the main crypto libraries). I think outside of
> those, nobody is even really looking. For instance -
>
> This afternoon I took a look at a C++ library called
> JUCE which offers (among a pile of other things) RSA
> and Blowfish. However it turns out that all of the RSA
> keys are generated with an LCRNG (lrand48, basically)
> seeded with the time in milliseconds.
>
http://www.randombit.net/bitbashing/security/juce_rng_vulnerability.html
If one uses a higher resolution counter - sub
microsecond - and times multiple disk accesses, one gets
true physical randomness, since disk access times are
affected by turbulence, which is physically truly
random.
In Crypto Kong I added entropy at various times during
program initialization from the 64 bit performance
counter. Unfortunately the 64 bit performance counter
is not guaranteed to be present, so I also obtained
entropy from a wide variety of other sources - including
the dreaded millisecond counter that has caused so many
security holes.
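The seeding strategy the message describes, as an added example that is not code from Crypto Kong, JUCE, or either poster: several sources (the millisecond clock, a sub-microsecond timer over repeated disk reads, and the OS random device) are length-prefixed and mixed through SHA-256, so the resulting seed is at least as unpredictable as the best source and a weak source cannot make it worse. It also includes the two checks a practitioner wants alongside such a pool: a plug-in min-entropy estimate over the timing samples (timing jitter has to be measured, not assumed), and the bits of guessing work a seed has when it is nothing but a timestamp of a given resolution inside a window an attacker can bound. The use of `time.perf_counter_ns` and `os.urandom` is this example's own choice; the original post predates both.

```python
"""Entropy pooling in the style the post describes: hash many sources together
instead of feeding one millisecond timestamp to an LCG.  Added example, not
code from any project named in the thread."""
import hashlib
import math
import os
import time
from collections import Counter
from typing import Iterable, List


def timing_jitter_samples(path: str, n: int) -> List[int]:
    """Time n small reads of `path` with a sub-microsecond counter and return
    the deltas in nanoseconds.  This is the disk-access jitter source from the
    post; it is something to MEASURE (see min_entropy_bits_per_sample), not to
    trust blindly, since cached reads can be nearly constant."""
    deltas = []
    with open(path, "rb") as f:
        for _ in range(n):
            f.seek(0)
            t0 = time.perf_counter_ns()
            f.read(512)
            deltas.append(time.perf_counter_ns() - t0)
    return deltas


def min_entropy_bits_per_sample(samples: Iterable[int]) -> float:
    """Plug-in min-entropy estimate, -log2(p_max): a lower bound on the guessing
    work per sample for an attacker who knows the sample distribution.
    Returns 0.0 for a constant source (e.g. a timer stuck at one value)."""
    counts = Counter(samples)
    total = sum(counts.values())
    if total == 0:
        return 0.0
    p_max = max(counts.values()) / total
    return -math.log2(p_max)


def seed_space_bits(resolution_seconds: float, window_seconds: float) -> float:
    """Bits of guessing work for a seed that is only a timestamp with the given
    resolution, when the attacker can bound the time of generation to a window.
    A millisecond clock over one day is about 26 bits, far too little for RSA."""
    return math.log2(window_seconds / resolution_seconds)


def mix_sources(sources: List[bytes]) -> bytes:
    """Chain every source through SHA-256.  Each input is length-prefixed so
    that the boundaries between sources are unambiguous (["a","b"] must not
    collide with ["ab",""])."""
    h = hashlib.sha256()
    for src in sources:
        h.update(len(src).to_bytes(4, "big"))
        h.update(src)
    return h.digest()


def build_seed(path: str = __file__, n_reads: int = 256) -> bytes:
    """Assemble a 32-byte seed from the sources the post lists plus the OS
    random device as a floor.  The millisecond clock is included deliberately:
    in a hash-mixed pool a predictable source adds nothing but costs nothing."""
    ms_time = int(time.time() * 1000).to_bytes(8, "big")  # the dreaded millisecond counter
    jitter = timing_jitter_samples(path, n_reads)
    jitter_bytes = b"".join(d.to_bytes(8, "big") for d in jitter)
    return mix_sources([ms_time, jitter_bytes, os.urandom(32)])


if __name__ == "__main__":
    samples = timing_jitter_samples(__file__, 256)
    print("min-entropy per timing sample (bits):",
          round(min_entropy_bits_per_sample(samples), 2))
    print("ms clock over one day (bits):", round(seed_space_bits(0.001, 86400), 2))
    print("seed:", build_seed().hex())
```

Running the block prints the measured per-sample min-entropy for the timing source on the current machine; a value near zero means the disk reads are being served from cache and that source is contributing little, which is exactly the case a pool built on a single such source would miss.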
---------------------------------------------------------------------
The Cryptography Mailing List