John Viega
Virginia Polytechnic Institute
USA
There is a large gap between the theory and practice for random number generation. For example, on most operating systems, using /dev/random to generate a 256-bit AES key is highly likely to produce a key with no more than 160 bits of security. In this paper, we propose solutions to many of the issues that real software-based random number infrastructures have encountered. Particularly, we demonstrate that universal hash functions are a theoretically appealing and efficient mechanism for accumulating entropy, we show how to deal with forking processes without using a two-phase commit, we explore better metrics for estimating entropy and we argue that systems should provide both computational security and information theoretic security through separate interfaces.
Keywords: random number generation, entropy, pseudo-randomness, operating system security