7th USENIX Security Symposium, San Antonio, Texas
Software Generation of Practically Strong Random Numbers
Peter Gutmann
University of Auckland
Abstract
Although much thought usually goes into the design of encryption algorithms and protocols, less
consideration is often given to equally important issues such as the selection of cryptographically
strong random numbers, so that an attacker may find it easier to break the random number generator
than the security system it is used with. This paper provides a comprehensive guide to designing and
implementing a practically strong random data accumulator and generator which requires no
specialised hardware or access to privileged system services. The performance of the generator on a
variety of systems is analysed, and measures which can make recovery of the accumulator/generator
state information more difficult for an attacker are presented. The result is an easy-to-use random
number generator which should be suitable even for demanding cryptographic applications.
- View the full text of this paper in
PDF form.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.
|