
Pseudo Random Number Generators

  A Pseudo Random Number Generator (PRNG) provides applications with a stream of numbers which have certain important properties for system security:

Some applications have criteria which affect the type of PRNG which is needed. For instance, later on we will discuss IP datagram IDs and DNS [30] query-IDs; both have qualities which make it extremely desirable to have a PRNG which makes an effort to avoid emitting repetitions (thus ruling out use of a true-random source).
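An added illustration of the point above (not code from the paper or from OpenBSD): independent uniform 16-bit draws repeat after a few hundred outputs on average, while a generator that walks a CSPRNG-shuffled permutation cannot repeat within a cycle. The names `first_repeat_uniform`, `NonRepeatingIDs` and `min_repeat_gap` are hypothetical, and the shuffle approach is an assumption chosen for illustration, not the algorithm the paper describes.

```python
import secrets

ID_SPACE = 1 << 16  # 16-bit IDs, the size of IP datagram IDs and DNS query IDs

def first_repeat_uniform():
    """Draw independent uniform IDs; return how many draws it took to see a repeat."""
    seen, count = set(), 0
    while True:
        value = secrets.randbelow(ID_SPACE)
        count += 1
        if value in seen:
            return count  # birthday bound: about 320 draws on average for 2**16
        seen.add(value)

class NonRepeatingIDs:
    """Emit every 16-bit ID exactly once per cycle, in an unpredictable order.

    Illustrative sketch: a Fisher-Yates shuffle driven by the OS CSPRNG,
    redone after each full cycle. An ID can still recur close to a cycle
    boundary (last of one cycle, early in the next); this sketch does not
    address that case.
    """
    def __init__(self):
        self._ids = list(range(ID_SPACE))
        self._pos = ID_SPACE  # forces a shuffle on first use

    def _reshuffle(self):
        for i in range(ID_SPACE - 1, 0, -1):
            j = secrets.randbelow(i + 1)  # unbiased index in [0, i]
            self._ids[i], self._ids[j] = self._ids[j], self._ids[i]
        self._pos = 0

    def next_id(self):
        if self._pos == ID_SPACE:
            self._reshuffle()
        value = self._ids[self._pos]
        self._pos += 1
        return value

def min_repeat_gap(gen, draws):
    """Smallest distance between two emissions of the same ID, or None if no repeat."""
    last_seen, best = {}, None
    for n in range(draws):
        value = gen.next_id()
        if value in last_seen:
            gap = n - last_seen[value]
            best = gap if best is None else min(best, gap)
        last_seen[value] = n
    return best
```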

Many other operating systems also have random number device drivers and other related mechanisms, but largely make no use of them. Some such systems even provide such support only as optional device drivers, therefore discouraging use (i.e., reliance). OpenBSD deviates by actually using these mechanisms in numerous ways. A few major interfaces or techniques are used:

Each of these, and their uses in OpenBSD, will be covered in the following sections.



 
& D. Keromytis
4/26/1999