|
Most cryptographic systems manage the selection of keys and the negotiation of protocols for you. Systems that do this must be able to select keys that are not easily guessed, because one way to attack a cryptographic system is to predict the keys that might be used in the system. These keys are selected by generating random numbers.
It is difficult for a computer to generate good random numbers. Computers, by their very nature, are extremely predictable, and hundreds of thousands of engineers have labored (collectively) millions of years to make them more so. If you run a computer program twice and give it the same input the second time as you did the first, you will get the same output the second time as you did the first. Because the whole point of a truly random number is not to be able to guess the output based on the input, computers (unassisted) make lousy dice-throwers.
Note: An example of the randomness problem existed in early versions of Netscape Navigator. In order to generate a random number for the Secure Socket Layer, Netscape used the system time, which provides a 12-bit number, to generate a 40-bit crypto key. Because there was only 12 bits' worth of unique keys in that 40-bit space, hackers were able to crack and exploit secure sessions in a matter of minutes. A 12-bit key is so short that it's worthless for security. It's about as secure as a two-character password.
The best that computers can do by themselves are pseudorandom numbers, which are numbers created by a deterministic means (that is, given identical starting conditions, identical numbers will be produced). Good pseudorandom numbers have a long periodicity (it's unlikely that the same number will be generated repeatedly from different seeds) and satisfy the other conditions of random numbers, such as incompressibility (there is no redundant for repeated information in the number) and having an even distribution (generated numbers are equally likely across the possible range of numbers, rather than being clumped together). Random numbers, on the other hand, are unpredictable (an identical series of random numbers cannot be reproduced, even from identical starting conditions). Truly random numbers also satisfy other criteria, such as incompressibility and having an even distribution.
In order to get a good random number (to use as a seed value, for example), the computer must look outside itself, because computers are inherently deterministic. Many sources of randomness exist in the real (non-computer) world - the weather, ocean waves, lava-lamp wax gyrations, the times between one keystroke and the next - and a computer can measure these events and use them to generate random numbers. Key-stroke timing is commonly used to generate secret keys. Another way is to ask the user to type in a paragraph or two of text. There are no published algorithms that will predict arbitrary user input (yet).
If a random number is going to be used as a seed for pseudorandom numbers, it should have enough bits to make it difficult to guess. For example, you don't want to protect a 128-bit cryptosystem that uses IDEA with a password of eight characters or less for a seed - this is effectively only about 48 bits of security if you just use common printable ASCII characters in the password (the characters used in passwords provide about six bits' worth of uniqueness each).
(Source: "Security Complete" 2nd Edition, Sybex")
|
