Cryptography Reference
In-Depth Information
if (lr > 0)
{
r_l[++ls] = usrand64_l ();
j=1U<<(lr-1);/*j<-2
ˆ
(lr-1)*/
r_l[ls] = (r_l[ls] | j) & ((j << 1) - 1);
}
else
{
r_l[ls] |= BASEDIV2;
}
SETDIGITS_L (r_l, ls);
}
12.2 Cryptographic Random Number Generators
We now come to the cryptographic number generators that can be used for
sensitive purposes based on their properties, on the assumption that they have
been properly implemented and secret start values are used (more on this later).
We will first construct the BBS generator, then a random number generator
based on the symmetric algorithm AES, and then another that rests on a chain
of the cryptographic hash functions RIPEMD-160 and SHA-1. With the use of
AES, we build on the previous chapter; with hash functions, whose properties are
collected in Chapter 17, we are somewhat anticipating things.
We will realize random number generators in such a way that they are
reentrant, so that they can be simultaneously and independently used by several
functions without their interfering with one another. That this is a good idea will
become immediately clear when one considers how a function calls a random
number generator whose internal state has just been deleted by another function.
In this case, the second function will not obtain useful results. This scenario is
heightened when the functions are executed in parallel processes or threads.
For example, if cryptographic keys are generated within a process or thread,
and during this process the status of the random number generator being used
is deleted by another process (that is, set to zero), then the random number
generator will thereafter no longer produce reliable values, which could lead to
sharply reduced quality of the keys produced by the affected process.
A way out of this problem is provided by the reentrant property, which
we achieve by storing the internal states of the random number generators in
separate buffers, which are managed individually and used exclusively by the
calling functions.
