Do you trust your RNG?

RNG translates into Random Number Generator, and is at the heart of cryptography. If an adversary can somehow predict your RNG’s output, he can effectively “guess” your encryption keys. There are real valid reasons for why you shouldn’t trust your RNG, depending upon your “paranoia level”. For the average user storing his TODO list encrypted on the web, this has probably few if any implications. However, for a highly paranoid organisation or individual, history have shown us that you probably shouldn’t trust your RNG. Creating truly random numbers without some sort of organic input, is by the very definition of the task literally impossible.

Some developers have proposed suggestions to solve this. All of the best and most paranoid implementations adds some sort of “organic input” to the mix. This can be having the user take a photo that he uses to seed his RNG implementation, listen to static noise over for instance a modem, or read some random bytes from your hard disc. Simply put because a computer cannot create truly random numbers without some sort of organic input.

The way I solve this in Phosphorus Five, is by allowing the user to create an “organic seed” during installation. This seed is cryptographically stored with a private PGP key, which is created by seeding the RNG with the salt the user provides. Below is a screenshot of how this looks like in the UI.

The salt the user applies above, is something he can provide for himself, and this is used to add to the existing entropy of the salting of the RNG from BouncyCastle, before the PGP key is created, that is used to cryptographically secured store the salt. This allows me to later easily create any true RNG number in the system, even if it should be proven in the future that the RNG implementation of BouncyCastle has weaknesses.

By default I use just a cryptographically secure random number, not bothering the user to even ask for a manual salt though, since this could arguably be considered “nuclear rocket security”, and would for the average John Doe be like hunting down a sparrow with a battleship. However, all in all, a pretty rock solid security implementation I’d say, adding that tiny little difference into the mix. So no, you shouldn’t trust your RNG. History has proven that this is probably not wise, at least unless you somehow organically seed it before you start extracting random numbers from it to create cryptography keys.

Only the paranoid survives – CEO of Intel

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.