(91) 350-9520 support@omarine.org M-F: 7 AM - 7 PM; Weekends: 9 AM - 5 PM

Cyber security: Unpredictable Random Number Generator

Random Number Generator is an important factor of security activity to create cryptographic keys and passwords.

We already know that the rand() function is a simple pseudo-random number generator. It returns a pseudo-random integer in the range 0 to RAND_MAX, ie, the mathematical range [0, RAND_MAX]. You can use rand() to define your own function that returns a pseudo-random integer in a custom range as follows:

int getRand(int range_min, int range_max)
{
    int u = (int)((double)rand() / ((double)RAND_MAX + 1) * (range_max - range_min) + range_min);
    return u;
}

The rand() function is seeded by the srand() function. The following small program shows that the rand() function outputs a fixed pseudo-random integer with the same seed:

/* rand.c */

#include <stdlib.h>
#include <stdio.h>

int main() {
    srand(2); 
    int i = rand();
    printf("%d\n", i);
    return 0;
}

After compiling, the rand program each time runs the same result:

Such function can be used in statistics but clearly can not be used for security purposes.

The Linux kernel uses two devices /dev/random and /dev/urandom along with the entropy pool to generate random numbers. Entropy pool is established from hardware information and other sources to create seed. This solution has been used in security. When the /dev/urandom device is read, it returns random bytes. You can use the following command to create a random password of the length 10:

(cat /dev/urandom|tr -cd '[:graph:]'|fold -w 10 && echo )|head -n1

However, /dev/urandom has a deficiency, at early boot time it may return data before the entropy pool is initialized. To fix this, one can write a script that saves the entropy pool for the next reboot.

/dev/random is considered legacy, reads from it can block until additional environmental noise is gathered, and in a system with low entropy such as an embedded system, this can last forever.

The better solution is to use the getrandom() function provided by Linux 3.17 and later. The following small program uses getrandom() to provide seed for the erand48() function. The erand48() function return nonnegative double-precision floating-point values uniformly distributed over the interval [0.0, 1.0):

/* getrandom.c */

#include <stdlib.h>
#include <stdio.h>
#include <sys/random.h>

int main() {
    unsigned short xsubi[3];
    getrandom(xsubi, sizeof(short) * 3, 0);
    double f = erand48(xsubi);
    printf("%1.10f\n", f);
    return 0;
}

The getrandom program each time runs for a different result:

Omarine 4.0 provides the Haveged package to update the Linux pool for two devices /dev/random and /dev/urandom to ensure that the security applications that utilizes these two devices can generate unpredictable random numbers. This is especially needed when the system has low entropy.

If you are an end user, you need to do nothing, the haveged service is run in Omarine 4.0 by default.

Advertisements

Gửi phản hồi

Website này sử dụng Akismet để hạn chế spam. Tìm hiểu bình luận của bạn được duyệt như thế nào.

%d bloggers like this: