Question

I'm working on generating very large random integers in C. I've found that /dev/random is a good source, but it blocks if the entropy pool is exhausted. /dev/urandom seemed like the next go-to, but the quality of randomness is not as good in comparison. Is there a way I can use an integer from /dev/random to seed a PRNG so that I don't have to keep reading from /dev/random? I am looking for a cryptographically secure PRNG, though not long term.


Solution

Using integers from /dev/random to seed a PRNG is exactly what /dev/urandom does. Unless you have evidence of a specific weakness in urandom, you are reinventing the wheel.

While it is true that urandom is weaker than /dev/random, your proposed scheme is weak in exactly the same way, so it provides no benefit over just using urandom. urandom has the additional benefit that it can continuously mix new entropy into the generated numbers as new entropy becomes available from the underlying hardware. FreeBSD for example only has a urandom-style device.

Finally, urandom has been around for many years and its source has been reviewed by security experts, which is not the case with a replacement one can roll on his own.

OTHER TIPS

It would likely depend upon the platform. Some use crypto-secure PRNGs already for /dev/random. Examples: FreeBSD, OpenBSD, OS X. You can also look at Yarrow, Fortuna, ISAAC (based upon RC4). This is a good place to start if you want to research it more: http://csrc.nist.gov/groups/ST/toolkit/index.html

If you simply want a large pool of entropy, you could do something basic such as take SHA1 of data blocks from a noisy data stream (e.g. video or audio of a busy environment).

The question then becomes how much entropy you want, and how quickly? Because "large numbers" might mean anything from just a Gb of random bits for a project, to "I need 100k/sec constant stream of entropy for this service".

It would be even better if you have hardware to do it. Check your CPU or any other module if it supports cryptographic random number generation. Both /dev/random and /dev/urandom are not secure in terms of cryptography. You should not use them as your source in your application.

Licensed under: CC-BY-SA with attribution