[GTALUG] Crypto Question: Where do you get your entropy

D. Hugh Redelmeier hugh at mimosa.com
Wed Nov 12 06:22:47 UTC 2014


[Scott asked that we post our questions from tonight's meeting]

Where do you get your entropy?

Entropy (real bytes of random numbers, not pseudo-random numbers) is key 
for cryptography.

- when generating keys for public-key cryptosystems (RSA, ECC, ...)

- when generating session keys via a Diffie-Hellman exchange

- challenging the other side in various ways (e.g. proving liveness
  or proving possession of a private key)

- probably other cases that I'm not remembering at the moment

In many cases a Cryptographic Pseudo-Random Number Generator (PRNG) is
good enough, but not these.  Sometimes a Cryptographic PRNG can be
used to "stretch" entropy: kind of like stretching soup by adding
water or milk.

Adversaries can easily break your cryptosystem if you don't have
sufficient entropy.  It's that bad.

What sources do you use?  /dev/random and /dev/urandom are the Linux
channels for entropy.  There are various sources that can be pooled by
the kernel:

- timing of unpredictable events (e.g. user keystrokes, disk seek
  timing, ethernet packet timing, ...).

  The only one I kind of trust is the keystrokes thing, and that
  doesn't work for servers.  Others might be controlled by or
  predictable to foes.

  Keystrokes are not as good as one would like.  For example, USB
  keyboards have keystroke timing quantized by the USB scanning rate.

- Recent Intel CPUs have true RNGs.  (Assuming that they were not
  subverted by the US Government or something else.  Or just plain
  buggy, something that might not be detectable)

- external entropy source.

  - Scott mentioned several.  One DIY example: harvest the americium
    pellet from a smoke detector and place it directly on a camera
    sensor.  This makes a kind of Geiger Counter and Geiger Generator
    (I made that second term up).  Physicists think that radioactive
    emissions are unpredictable (except for chain reactions) and thus
    should be good entropy generators.

  - Chris mentioned a Kickstarter(?) project that has produced what
    they claim is an entropy generator on a USB stick.
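
Added example, not part of the original post: one way to see which of the sources listed above a given Linux host actually exposes to the kernel pool. It reads /proc/cpuinfo, /proc/sys/kernel/random/entropy_avail and the hw_random sysfs entries; the function names and the sample files are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Constructed sample files (not from a real host) so the example runs anywhere.
SAMPLE = {
    "proc/cpuinfo": "processor\t: 0\nflags\t\t: fpu sse2 aes rdrand rdseed\n",
    "proc/sys/kernel/random/entropy_avail": "3071\n",
    "sys/class/misc/hw_random/rng_available": "tpm-rng-0 virtio_rng.0\n",
    "sys/class/misc/hw_random/rng_current": "tpm-rng-0\n",
}

def build_sample_tree():
    """Write SAMPLE under a temp dir and return it, mimicking / on a Linux host."""
    root = Path(tempfile.mkdtemp())
    for rel, text in SAMPLE.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return root

def read_or_none(path):
    """Return the stripped file content, or None if the file is absent or unreadable."""
    try:
        return Path(path).read_text().strip()
    except OSError:
        return None

def cpu_rng_flags(cpuinfo_text):
    """x86 RNG instruction flags (rdrand, rdseed) advertised in /proc/cpuinfo."""
    for line in cpuinfo_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "flags":
            return sorted({"rdrand", "rdseed"} & set(value.split()))
    return []

def inventory(root="/"):
    """Report which entropy inputs the kernel on this host can draw from."""
    root = Path(root)
    avail = read_or_none(root / "proc/sys/kernel/random/entropy_avail")
    hw = root / "sys/class/misc/hw_random"
    current = read_or_none(hw / "rng_current")  # "none" means no device bound
    return {
        "cpu_rng_flags": cpu_rng_flags(read_or_none(root / "proc/cpuinfo") or ""),
        "entropy_avail_bits": int(avail) if avail and avail.isdigit() else None,
        "hwrng_available": (read_or_none(hw / "rng_available") or "").split(),
        "hwrng_current": None if current in (None, "", "none") else current,
    }

if __name__ == "__main__":
    print(inventory("/"), inventory(build_sample_tree()), sep="\n")
```

An empty `cpu_rng_flags` together with an empty `hwrng_available` means the kernel on that host has only event timing to pool, which is the server case the post worries about.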

