Re: How to generate cryptographically-secure random big-integers? [message #170231 is a reply to message #170218]
Wed, 20 October 2010 18:15
seeWebInstead
> From: Erwin Moller <Since_humans_read_this_I_am_spammed_too_m...@spamyourself.com>
> ... when you use /dev/random on Linux, it can use noise.
I tried it here on FreeBSD Unix, and indeed it does *something*. (I haven't tested it for randomness myself.) I'd need to write a test PHP script to determine whether it exists and is accessible from a PHP script on the remote hosting services.

There doesn't seem to be any 'man' page for it, so I did a Google search and found: http://en.wikipedia.org/wiki//dev/random#FreeBSD

"In 2004, Landon Curt Noll tested the FreeBSD 5.2.1 version of /dev/random and found that it was not a cryptographically strong random number generator because its output had multiple uniformity flaws according to the Billion bit test. Similar flaws were found in the Linux 2.4.21-20, Solaris 8 patch 108528-18, and Mac OS X 10.3.5 implementations of /dev/random."

That's not acceptable for my use.

The Wikipedia page links to a nice article describing the million-bit tests that were performed, which mentions several cryptographically-secure pseudo-random number generators, each of which then begs the question of how to generate a random seed. In fact, since I only need one (1) big integer on each system, and the seed must be at least as large as the entire amount of random data I need, and must itself be truly random, never mind the PRNG that uses the seed; just use the seed itself as the random big-integer I need. So how do I generate a 210-digit truly-random seed?

The million-bit article also mentions one true random number generator, namely 'LavaRnd'. Unfortunately LavaRnd requires equipment to take a digital photo of a physically chaotic apparatus, which is not feasible in pure PHP and not likely to be supplied on all the PHP/MySQL hosting sites I'll be using.
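A test script of the kind the post describes, added here as an example (it is not code from this thread): it probes whether a kernel entropy device is readable from the PHP process, then turns raw device bytes into a uniformly distributed integer below 10^210 by rejection sampling. It assumes the GMP extension is loaded; the device names and function names are the example's own.

```php
<?php
// Added example, not from the thread. Requires the GMP extension.

// Report which entropy devices this PHP process can actually open.
function entropy_devices() {
    $found = array();
    foreach (array('/dev/random', '/dev/urandom') as $dev) {
        $fh = @fopen($dev, 'rb');
        $found[$dev] = ($fh !== false);
        if ($fh !== false) {
            fclose($fh);
        }
    }
    return $found;
}

// Read exactly $n bytes from $dev; fail loudly on a short read.
// Note: /dev/random may block on Linux when the kernel's entropy
// estimate is low, so a request for 88 bytes can take a while there.
function read_device_bytes($dev, $n) {
    $fh = fopen($dev, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $dev");
    }
    $buf = '';
    while (strlen($buf) < $n) {
        $chunk = fread($fh, $n - strlen($buf));
        if ($chunk === false || $chunk === '') {
            fclose($fh);
            throw new RuntimeException("short read from $dev");
        }
        $buf .= $chunk;
    }
    fclose($fh);
    return $buf;
}

// Uniform integer in [0, 10^$digits) as a decimal string.
// 10^210 is a 698-bit number, so we draw 88 bytes (704 bits), mask the
// candidate down to 698 bits, and retry whenever it is >= 10^210.
// Each draw is accepted with probability 10^210 / 2^698, about 76%.
function random_decimal_integer($dev, $digits) {
    $limit  = gmp_pow(10, $digits);
    $bits   = strlen(gmp_strval($limit, 2));   // bit length of 10^digits
    $nbytes = (int) ceil($bits / 8);
    $mask   = gmp_sub(gmp_pow(2, $bits), 1);   // keep only the low $bits bits
    while (true) {
        $candidate = gmp_and(gmp_init(bin2hex(read_device_bytes($dev, $nbytes)), 16), $mask);
        if (gmp_cmp($candidate, $limit) < 0) {
            return gmp_strval($candidate, 10);
        }
    }
}

foreach (entropy_devices() as $dev => $ok) {
    echo "$dev: ", ($ok ? 'readable' : 'not readable'), "\n";
}
echo random_decimal_integer('/dev/random', 210), "\n";
```

The result may be shorter than 210 digits when the leading digits happen to be zero; it is uniform over the whole range 0 to 10^210 - 1, which is what a seed needs.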