Cryptography Reference
generators are neither readily available nor widely deployed. There are, however,
some existing hardware devices that may be used to serve as sources of randomness.
The last two examples itemized earlier illustrate this possibility.
9.2.2 Software-Based Random Bit Generators
First of all, it is important to note that designing a random bit generator in software
is even more difficult than doing so in hardware. According to [3], processes upon
which software-based random bit generators may be based include:
• The system clock (e.g., [8]);
• The elapsed time between keystrokes or mouse movements;
• The content of input/output buffers;
• The input provided by the user;
• The values of operating system variables, such as system load or network statistics.
Again, this list is not exclusive, and many other processes may also be used
by software-based random bit generators.
In either case, the behavior of the processes may vary considerably depending
on various factors, such as the computer platform, the operating system, and the
actual software release in use. It may also be difficult to prevent an adversary from
observing or manipulating these processes. For example, if an adversary has a rough
idea of when a random bit sequence was generated, he or she can guess the content
of the system clock at that time with a high degree of accuracy. Consequently, care
must be taken when the system clock and the identification numbers of running
processes are used to generate random bit sequences. This type of problem first
gained publicity in 1995, when it was found that the encryption in Netscape browsers
could be broken in around a minute due to the limited range of values provided
by such a random bit generator. Because the values used to generate session keys
could be established without too much difficulty, even U.S. domestic browsers with
128-bit session keys carried only 47 bits of entropy in their session keys at most
[9]. Shortly afterwards, it was found that the Massachusetts Institute of Technology
(MIT) implementations of Kerberos version 4 (e.g., [10]) and the magic cookie key
generation mechanism of the X windows system suffered from similar weaknesses.
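
The entropy argument above, worked through as an added example (not code from the book or from any of the products it names): a key can carry no more entropy than the inputs it is derived from. The candidate counts, the `SeedSource` type and the toy derivation `weak_session_key` are constructed assumptions for illustration.

```python
import hashlib
import math
import secrets
from dataclasses import dataclass

@dataclass
class SeedSource:
    name: str
    candidates: int  # values an observer must still consider for this input

def seed_entropy_bits(sources):
    """Upper bound on seed entropy: log2 of the product of candidate counts."""
    return sum(math.log2(max(1, s.candidates)) for s in sources)

def audit_key(nominal_bits, sources):
    """Compare a key's nominal length with the entropy its seed can supply."""
    seed_bits = seed_entropy_bits(sources)
    effective = min(float(nominal_bits), seed_bits)
    return {"nominal_bits": nominal_bits,
            "effective_bits": round(effective, 2),
            "shortfall_bits": round(nominal_bits - effective, 2)}

def weak_session_key(clock_ticks, pid, nbytes=16):
    """Constructed weak derivation: the key is a pure function of clock and PID."""
    return hashlib.sha256(f"{clock_ticks}:{pid}".encode()).digest()[:nbytes]

def strong_session_key(nbytes=16):
    """Hardened form: key bytes come from the operating system's CSPRNG."""
    return secrets.token_bytes(nbytes)

# Constructed assumptions: the observer knows the generation time to within
# one second, the clock ticks in microseconds, and PIDs range over 2**15 values.
SOURCES = [SeedSource("system clock", 1_000_000),
           SeedSource("process ID", 2**15)]

if __name__ == "__main__":
    print(audit_key(128, SOURCES))
    # Same inputs give the same 128-bit key: nothing else is unknown.
    print(weak_session_key(1_700_000_000_000_000, 4242).hex())
    print(strong_session_key().hex())
```

Under these assumed counts the 128-bit key is backed by roughly 35 bits of seed entropy; the figures change with the platform's clock resolution and PID range, which is why the audit takes them as inputs.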
Sometimes, it is possible to use external (i.e., external to the computer system
that needs the randomness) sources of randomness. For example, a potential source
of randomness is the unpredictable behavior of the stock market. This source,
however, has some disadvantages of its own. For example, it is sometimes predictable