[GTALUG] Crypto Question: Where do you get your entropy
D. Hugh Redelmeier
hugh at mimosa.com
Wed Nov 12 06:22:47 UTC 2014
[Scott asked that we post our questions from tonight's meeting]
Where do you get your entropy?
Entropy (real bytes of random numbers, not pseudo-random numbers) is key
for cryptography.
- when generating keys for public-key cryptosystems (RSA, ECC, ...)
- when generating session keys via a Diffie-Hellman exchange
- challenging the other side in various ways (e.g. proving liveness
or proving possession of a private key)
- probably other cases that I'm not remembering at the moment
In many cases a Cryptographic Pseudo-Random Number Generator (PRNG) is
good enough, but not these. Sometimes a Cryptographic PRNG can be
used to "stretch" entropy: kind of like stretching soup by adding
water or milk.
Adversaries can easily break your cryptosystem if you don't have
sufficient entropy. It's that bad.
What sources do you use? /dev/random and /dev/urandom are the Linux
channel for entropy. There are various sources that can be pooled by
the kernel:
- timing of unpredictable events (e.g. user keystrokes, disk seek
  timing, Ethernet packet timing, ...).
The only one I kind of trust is the keystrokes thing, and that
doesn't work for servers. Others might be controlled by or
predictable to foes.
Keystrokes are not as good as one would like. For example, USB
keyboards have keystroke timing quantized by the USB scanning rate.
- Recent Intel CPUs have true RNGs. (Assuming that they were not
subverted by the US Government or something else. Or just plain
buggy, something that might not be detectable)
- external entropy source.
- Scott mentioned several. One DIY example: harvest the americium
pellet from a smoke detector and place it directly on a camera
sensor. This makes a kind of Geiger Counter and Geiger Generator
(I made that second term up). Physicists think that radioactive
emissions are unpredictable (except for chain reactions) and thus
should be good entropy generators.
- Chris mentioned a Kickstarter(?) project that has produced what
they claim is an entropy generator on a USB stick.
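Added example, not part of Hugh's post: the "stretching" he describes, done the way a cryptographic PRNG does it. The block below implements HMAC_DRBG from NIST SP 800-90A over SHA-256, seeds it from the Linux kernel (getrandom(2) via os.getrandom, falling back to os.urandom), reads the kernel's entropy_avail counter, and then shows the "it's that bad" half of the post: a seed that is 32 bytes long but carries only 16 bits of real entropy passes every length check and is recovered by brute force in about a second. The names HmacDrbg, seed_from_kernel, key_from_weak_seed and brute_force_weak_seed are mine; the 16-bit weak seed is a constructed illustration, not something from the thread.

```python
import os
from hmac import digest as hmac_digest
from typing import Optional

WEAK_SEED_BITS = 16    # entropy actually present in the "weak" seed below (constructed)
SEED_BYTES = 32        # 256 bits: what a DRBG should be instantiated with


def kernel_entropy_available() -> Optional[int]:
    """Bits the kernel currently credits to its input pool (Linux only)."""
    try:
        with open("/proc/sys/kernel/random/entropy_avail") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None


def seed_from_kernel(nbytes: int = SEED_BYTES) -> bytes:
    """Pull seed material from the kernel. getrandom(2) blocks until the
    pool has been initialised once and then never blocks; os.urandom is
    the portable fallback on systems without it."""
    if hasattr(os, "getrandom"):
        return os.getrandom(nbytes)
    return os.urandom(nbytes)


class HmacDrbg:
    """HMAC_DRBG (NIST SP 800-90A) over SHA-256. It turns a short seed of
    real entropy into as many pseudo-random bytes as requested; it cannot
    add entropy, only stretch what it was given."""

    MAX_REQUESTS_BEFORE_RESEED = 10_000

    def __init__(self, entropy: bytes, personalization: bytes = b"") -> None:
        if len(entropy) < SEED_BYTES:
            raise ValueError("seed must carry at least 256 bits")
        self._k = b"\x00" * 32
        self._v = b"\x01" * 32
        self._requests = 0
        self._update(entropy + personalization)

    def _update(self, provided: bytes) -> None:
        # HMAC_DRBG_Update: mix provided data into the (K, V) state.
        self._k = hmac_digest(self._k, self._v + b"\x00" + provided, "sha256")
        self._v = hmac_digest(self._k, self._v, "sha256")
        if provided:
            self._k = hmac_digest(self._k, self._v + b"\x01" + provided, "sha256")
            self._v = hmac_digest(self._k, self._v, "sha256")

    def reseed(self, entropy: bytes) -> None:
        """Fold fresh entropy (kernel, hardware RNG, external source) into the state."""
        self._update(entropy)
        self._requests = 0

    def generate(self, nbytes: int) -> bytes:
        if self._requests >= self.MAX_REQUESTS_BEFORE_RESEED:
            raise RuntimeError("reseed() required before generating more")
        out = b""
        while len(out) < nbytes:
            self._v = hmac_digest(self._k, self._v, "sha256")
            out += self._v
        self._update(b"")          # ratchet so earlier output cannot be recovered
        self._requests += 1
        return out[:nbytes]


def key_from_weak_seed(secret: bytes) -> bytes:
    """Derive a 128-bit key from a seed that is 32 bytes long but contains
    only the 16 bits in `secret`; the rest is zero padding. The length
    check passes; the entropy is not there."""
    assert len(secret) == WEAK_SEED_BITS // 8
    return HmacDrbg(secret + b"\x00" * (SEED_BYTES - len(secret))).generate(16)


def brute_force_weak_seed(target_key: bytes) -> Optional[bytes]:
    """What an adversary does to key_from_weak_seed: try every possible
    secret. 2**16 DRBG instantiations take about a second in CPython."""
    for guess in range(1 << WEAK_SEED_BITS):
        secret = guess.to_bytes(WEAK_SEED_BITS // 8, "big")
        if key_from_weak_seed(secret) == target_key:
            return secret
    return None


if __name__ == "__main__":
    print("kernel entropy_avail:", kernel_entropy_available())
    drbg = HmacDrbg(seed_from_kernel(), personalization=b"gtalug-demo")
    print("stretched session key:", drbg.generate(32).hex())

    weak_secret = os.urandom(WEAK_SEED_BITS // 8)   # the only real entropy
    leaked = key_from_weak_seed(weak_secret)
    print("weak seed recovered:", brute_force_weak_seed(leaked) == weak_secret)
```

The point of the brute-force half is that a DRBG's output is only as unpredictable as its seed: the kernel, a CPU RNG or a smoke-detector Geiger counter has to supply the 256 bits up front, and the DRBG only spreads them out.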