Randomness

Good randomness is at the center of cryptography. It is used to generate keys, IVs, nonces, etc.

Is Dual EC a good algorithm?

No. Dual_EC_DRBG was withdrawn from NIST SP 800-90A in 2014: whoever chose its curve constants can recover the generator's internal state from a small amount of output and predict everything it produces afterwards.

Are the NIST PRNGs secure?

Yes. The remaining SP 800-90A generators (Hash_DRBG, HMAC_DRBG and CTR_DRBG) have no known weaknesses, but they are awkward to implement and to use correctly.

Is math/random a good package to generate randomness?

In most languages, the math/random style package (Go's math/rand, Python's random, Java's java.util.Random, C's rand()) generates non-cryptographic pseudorandomness: fast, seedable, reproducible, and predictable by anyone who observes some of its output. Never use these for keys, IVs, nonces, tokens or anything else security-relevant; use the cryptographic alternative instead (Go's crypto/rand, Python's secrets or os.urandom, Java's SecureRandom).

Can I trust any Random Number Generators or Prime generation implementations?

Yes and no. Use a well-reviewed implementation and keep it updated; historically, people have done very stupid things (the 2008 Debian OpenSSL patch left the PRNG seeded only by the process ID, so every key generated on an affected system came from a few tens of thousands of possibilities).

linux: /dev/random vs /dev/urandom

  • short answer: use getrandom()
  • long answer: use /dev/urandom unless you really care about good entropy at boot time.

Early during boot, /dev/urandom can be read before the kernel pool has been seeded; it never blocks, so it will hand back output derived from little or no entropy. getrandom() (with flags=0) blocks until the pool has been initialized once and from then on behaves exactly like /dev/urandom. Since Linux 5.6, /dev/random has the same semantics as getrandom(): it blocks only until the pool is initialized, not every time the entropy estimate runs low.
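Added example (not from the original page): the getrandom() semantics described above, driven from Python's os module. It assumes a Linux kernel with getrandom(2) (3.17+) and Python 3.6+, and falls back to os.urandom() elsewhere, which on Windows is backed by CNG and on macOS by the system CSPRNG.

```python
"""Kernel randomness on Linux via getrandom(2), with the early-boot case handled.

os.getrandom(n, flags=0) blocks only until the kernel pool has been initialized
once, never again. GRND_NONBLOCK turns that wait into EAGAIN (BlockingIOError)
instead of blocking. /dev/urandom never blocks, which is exactly the problem.
"""
import os


def secure_random_bytes(n: int) -> bytes:
    """Return n bytes from the kernel CSPRNG.

    Prefers getrandom(2), so an early-boot caller waits for the pool to be seeded
    instead of reading a not-yet-seeded /dev/urandom. Platforms without getrandom
    (assumption: macOS, Windows, pre-3.17 kernels) get os.urandom().
    """
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return os.urandom(n)
    out = bytearray()
    while len(out) < n:
        # getrandom() may return fewer bytes than requested (interrupted by a
        # signal, or a large request), so loop until the buffer is full.
        out += getrandom(n - len(out))
    return bytes(out)


def pool_is_initialized() -> bool:
    """Probe whether the kernel CSPRNG has been seeded, without blocking.

    GRND_NONBLOCK makes the early-boot wait fail with EAGAIN; that is precisely
    the window in which /dev/urandom would have returned weak output.
    """
    getrandom = getattr(os, "getrandom", None)
    if getrandom is None:
        return True  # no getrandom(): os.urandom() is the best answer we have
    try:
        getrandom(1, os.GRND_NONBLOCK)
    except BlockingIOError:
        return False
    return True


if __name__ == "__main__":
    print("pool initialized:", pool_is_initialized())
    print(secure_random_bytes(32).hex())
```

On a running system pool_is_initialized() is always True; it only returns False inside the early-boot window the text describes, which is where a daemon generating host keys at first boot should wait rather than fall back to /dev/urandom.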

How to obtain randomness on Windows?

  • CryptGenRandom is documented as deprecated, but realistically it will never be removed.
  • the new API is BCryptGenRandom from the Cryptography API: Next Generation (CNG).

What's better? A kernel or a user-land PRNG?

  • short answer: kernel PRNGs are better. They are seeded from the entropy the kernel collects, and they have no per-process state that can be duplicated.
  • long answer: kernel PRNGs can be slow, because every request is a system call. In situations where randomness generation is the bottleneck, it can be worth using a userland PRNG seeded from the kernel PRNG.

Using a userland PRNG has its caveats:

  • if a process forks, the parent and the child have the same PRNG state (and thus derive the same random numbers).
  • if they use the PID to differentiate their states, forking enough times wraps the PID and forces two processes into the same PRNG state.
  • snapshotting a VM and restoring from it several times produces several instances of the same PRNG.

Are UUIDs random?

Only version 4 UUIDs are meant to be, and even then 6 of the 128 bits are fixed by the version and variant fields, leaving 122 random bits. Under the surface, a version 4 UUID is usually just 16 bytes from the platform's cryptographically secure PRNG with those bits overwritten; other versions embed a timestamp, a MAC address or a hash and are not random at all. So don't take the shortcut: call the cryptographically secure PRNG directly and take as many bytes as you need.
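Added example (not from the original page): building a version 4 UUID the way the CPython uuid module does, to make visible what the shortcut costs. It assumes Python 3 with the standard uuid and secrets modules and nothing else.

```python
"""A version 4 UUID is 16 CSPRNG bytes with 6 bits overwritten (4 version bits,
2 variant bits); 122 bits remain random. Mirrors uuid.uuid4() in CPython, which
is UUID(bytes=os.urandom(16), version=4).
"""
import secrets
import uuid


def uuid4_from_random_bytes(raw: bytes) -> uuid.UUID:
    """Turn 16 random bytes into an RFC 4122 version 4 UUID."""
    if len(raw) != 16:
        raise ValueError("need exactly 16 bytes")
    b = bytearray(raw)
    b[6] = (b[6] & 0x0F) | 0x40  # high nibble of byte 6: version = 4
    b[8] = (b[8] & 0x3F) | 0x80  # top two bits of byte 8: variant = 10 (RFC 4122)
    return uuid.UUID(bytes=bytes(b))


def uuid4_str_from_random_bytes(raw: bytes) -> str:
    return str(uuid4_from_random_bytes(raw))


def matches_stdlib(raw: bytes) -> bool:
    """The manual construction must agree with the stdlib's own version=4 fixup."""
    return uuid4_from_random_bytes(raw) == uuid.UUID(bytes=raw, version=4)


def new_uuid4() -> uuid.UUID:
    """Equivalent of uuid.uuid4(): fresh kernel randomness plus the fixed bits."""
    return uuid4_from_random_bytes(secrets.token_bytes(16))


def random_bits_in_uuid4() -> int:
    """128 bits minus the 4 version bits and 2 variant bits."""
    return 128 - 4 - 2


def fresh_token(nbytes: int = 16) -> str:
    """The shortcut-free alternative: nbytes of CSPRNG output, all of them random,
    URL-safe base64 encoded (22 characters for 16 bytes)."""
    return secrets.token_urlsafe(nbytes)


if __name__ == "__main__":
    print(new_uuid4(), random_bits_in_uuid4(), "random bits")
    print(fresh_token(), "from secrets.token_urlsafe(16)")
```

Feeding all-zero or all-0xFF bytes into uuid4_from_random_bytes shows exactly which positions the format pins down: the third group always starts with 4 and the fourth group with 8, 9, a or b.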

Is RDRAND secure?

Nobody outside Intel can verify that it is, but it does solve the problem of headless devices (no keyboard, mouse or disk timings) having few sources of entropy. A sane operating system does not rely solely on RDRAND to seed its PRNGs: Linux mixes it in alongside its other sources, so a flaw in RDRAND alone does not compromise the output, and you should be safe. If you are really paranoid, mix additional entropy into the kernel pool yourself; on Linux, data written to /dev/random or /dev/urandom is mixed in but not credited, while the RNDADDENTROPY ioctl both mixes it in and credits it.

How long should a random string be to avoid collisions?
