Practical Random Number Generation in Software

	This Article
	PDF RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by John Viega

19th Annual Computer Security Applications Conference (ACSAC '03)

Practical Random Number Generation in Software (PDF)

Las Vegas, Nevada

December 08-December 12

ISBN: 0-7692-2041-3

	ASCII Text	x
	John Viega, "Practical Random Number Generation in Software," Computer Security Applications Conference, Annual, pp. 129, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003.

	BibTex	x
	@article{ 10.1109/CSAC.2003.1254318, author = {John Viega}, title = {Practical Random Number Generation in Software}, journal ={Computer Security Applications Conference, Annual}, volume = {0}, year = {2003}, issn = {1063-9527}, pages = {129}, doi = {http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254318}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Computer Security Applications Conference, Annual TI - Practical Random Number Generation in Software SN - 1063-9527 SP EP A1 - John Viega, PY - 2003 KW - null VL - 0 JA - Computer Security Applications Conference, Annual ER -

John Viega, Virginia Tech

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSAC.2003.1254318

There is a large gap between the theory and practice for random number generation. For example, on most operating systems, using /dev/random to generate a 256-bit AES key is highly likely to produce a key with no more than 160 bits of security. In this paper, we propose solutions to many of the issues that real software-based random number infrastructures have encountered. Particularly, we demonstrate that universal hash functions are a theoretically appealing and efficient mechanism for accumulating entropy, we show how to deal with forking processes without using a two-phase commit, we explore better metrics for estimating entropy and argue that systems should provide both computational security and information theoretic security through separate interfaces.

Citation:

John Viega, "Practical Random Number Generation in Software," acsac, pp.129, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.