See also http://egd.sourceforge.net/ (Entropy Gathering Daemon, written in perl)
-Kyle H

On Thu, Aug 11, 2011 at 12:33 PM, Vegard Nossum <[email protected]> wrote:
Hi,

I've written a small program that gathers randomness from the uncertainty of scheduling between threads/cores in a multithreaded program/system. The purpose of this is to generate random numbers entirely in userspace (in case the /dev/random traffic is somehow being watched, etc.). Attackers could still get their hands on the random numbers, but I'm guessing it would be a lot more work than simply tapping into the kernel/userspace interfaces -- they would have to peek into the address space of the process generating the numbers.

One way to use this may be to seed a PRNG which runs in parallel with e.g. /dev/random; XORing them together should yield a bitstream with quality at least as good as the best of them, and will make it more difficult to predict the output simply by having access to the kernel's secret state (or the numbers generated by it).

Is this interesting for the OpenSSL project? Or do you have something like this already? (I could only find the use of certain things like the current time, pid, uid, etc., which I think an attacker would have much easier access to.) Or is it not really a concern in the first place?

I attached my code -- it is not rigorous, but I think I avoided the worst pitfalls. I'm not sure what kind of entropy/quality the output has, but it should be better than nothing at all.

$ g++ seed.cc -lpthread -lssl -lcrypto && ./a.out
b41c91f348638116
a165d0fac8b2304e
282d0d24311d7511
[...]

The code works only on x86_64, and probably also only on Linux.

Vegard
