CPRNGs are still an issue.

James A. Donald jamesd at echeque.com
Wed Dec 10 19:46:51 EST 2008

Jack Lloyd wrote:
 > I think the situation is even worse outside of the
 > major projects (the OS kernels crypto implementations
 > and the main crypto libraries). I think outside of
 > those, nobody is even really looking. For instance -
 > This afternoon I took a look at a C++ library called
 > JUCE which offers (among a pile of other things) RSA
 > and Blowfish. However it turns out that all of the RSA
 > keys are generated with an LCRNG (lrand48, basically)
 > seeded with the time in milliseconds.

If one uses a higher resolution counter - sub
microsecond - and times multiple disk accesses, one gets
true physical randomness, since disk access times are
affected by turbulence, which is physically true.

In Crypto Kong I added entropy at various times during
program initialization from the 64 bit performance
counter.  Unfortunately the 64 bit performance counter
is not guaranteed to be present, so I also obtained
entropy from a wide variety of other sources - including
the dreaded millisecond counter that has caused so many
security holes.
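The seeding approach the post describes (a high-resolution counter timing repeated disk reads, mixed with several other sources including the weak millisecond clock, with the seed released only once enough entropy has been credited), as an added example that is not code from Crypto Kong or from the post. It assumes Python 3 on a POSIX-like system; SHA-256 as the mixing function, length-prefixed inputs, and a min-entropy credit from the empirical sample distribution are choices of this example, not of the post.

```python
"""Entropy pool seeded from several sources (added example, not Crypto Kong code)."""
import hashlib
import math
import os
import struct
import tempfile
import time
from collections import Counter


def min_entropy_bits(samples):
    """Conservative per-sample estimate: -log2 of the most frequent value's
    frequency.  Constant samples score 0 bits; 256 equiprobable bytes score 8."""
    if not samples:
        return 0.0
    most_common = Counter(samples).most_common(1)[0][1]
    return -math.log2(most_common / len(samples))


def weak_seed_ms():
    """The pattern the thread criticises, kept only as the 'before': a year holds
    about 2**35 milliseconds, so this seed space is small enough to enumerate."""
    return int(time.time() * 1000)


def millisecond_clock_samples(n):
    """n back-to-back reads of the millisecond clock: nearly all identical."""
    return [time.time_ns() // 1_000_000 for _ in range(n)]


def disk_read_timing_samples(n, path, block=4096):
    """Time n reads with the high-resolution counter; return the low byte of each
    duration in ns.  Caveat: with a warm page cache or an SSD this measures
    scheduler/cache jitter, not platter turbulence, so credit it conservatively."""
    samples = []
    fd = os.open(path, os.O_RDONLY)
    try:
        for _ in range(n):
            os.lseek(fd, 0, os.SEEK_SET)
            t0 = time.perf_counter_ns()
            os.read(fd, block)
            samples.append((time.perf_counter_ns() - t0) & 0xFF)
    finally:
        os.close(fd)
    return samples


class EntropyPool:
    """Hash-chained pool: each source is length-prefixed and mixed into a 256-bit
    state; a credit counter gates seed release at THRESHOLD_BITS."""
    THRESHOLD_BITS = 128

    def __init__(self):
        self._state = hashlib.sha256(b"entropy-pool-v1").digest()
        self.credited_bits = 0.0

    def add(self, label, data, credited_bits):
        blob = struct.pack(">I", len(label)) + label + struct.pack(">I", len(data)) + data
        self._state = hashlib.sha256(self._state + blob).digest()
        self.credited_bits += credited_bits

    def add_samples(self, label, samples):
        """Mix small-integer samples as bytes, crediting the estimated min-entropy
        per sample (capped at 8 bits, since each sample is one byte)."""
        data = bytes(s & 0xFF for s in samples)
        per_sample = min(min_entropy_bits(data), 8.0)
        self.add(label, data, per_sample * len(data))
        return per_sample

    def ready(self):
        return self.credited_bits >= self.THRESHOLD_BITS

    def seed(self):
        """Derive a 32-byte seed and ratchet the state so an exposed seed does not
        reveal later outputs."""
        if not self.ready():
            raise RuntimeError("insufficient entropy: %.1f bits" % self.credited_bits)
        out = hashlib.sha256(b"out" + self._state).digest()
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out


def gather(n=512):
    """Feed every source into one pool; return (pool, per-source estimates)."""
    pool = EntropyPool()
    estimates = {"ms-clock": pool.add_samples(b"ms-clock", millisecond_clock_samples(n))}
    with tempfile.NamedTemporaryFile() as tmp:  # constructed scratch file; only timing matters
        tmp.write(b"\0" * 4096)
        tmp.flush()
        estimates["disk-timing"] = pool.add_samples(
            b"disk-timing", disk_read_timing_samples(n, tmp.name))
    # Also mix the OS CSPRNG when it exists: it rescues the seed if timing is poor.
    pool.add(b"os-urandom", os.urandom(32), 256)
    return pool, estimates


if __name__ == "__main__":
    pool, estimates = gather()
    for name, bits in estimates.items():
        print("%-12s ~%.2f bits/sample" % (name, bits))
    print("seed:", pool.seed().hex())
```

Running it prints the per-sample estimate for each source; the millisecond clock typically scores close to 0 bits per sample while the timing deltas score higher, which is the gap the post is pointing at. The length prefix in `add` keeps a label/data boundary shift from producing the same state, and `seed` refuses to release anything until the credit threshold is met.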

The Cryptography Mailing List