Title :
Practical random number generation in software
Author_Institution :
Virginia Tech., VA, USA
Abstract :
There is a large gap between the theory and practice for random number generation. For example, on most operating systems, using /dev/random to generate a 256-bit AES key is highly likely to produce a key with no more than 160 bits of security. We propose solutions to many of the issues that real software-based random number infrastructures have encountered. Particularly, we demonstrate that universal hash functions are a theoretically appealing and efficient mechanism for accumulating entropy, we show how to deal with forking processes without using a two-phase commit, we explore better metrics for estimating entropy and argue that systems should provide both computational security and information theoretic security through separate interfaces.
Keywords :
cryptography; entropy; random number generation; 256-bit AES key; computational security; entropy estimation; information theoretic security; operating system; random number generation; software-based infrastructure; two-phase commit; universal hash function; Computer interfaces; Counting circuits; Cryptography; Data security; Entropy; Failure analysis; Information security; Operating systems; Random number generation; Terminology;
Conference_Title :
Computer Security Applications Conference, 2003. Proceedings. 19th Annual
Print_ISBN :
0-7695-2041-3
DOI :
10.1109/CSAC.2003.1254318