
Randomness Recommendations for Security (RFC1750)

IP.com Disclosure Number: IPCOM000004001D
Original Publication Date: 1994-Dec-01
Included in the Prior Art Database: 2000-Sep-12
Document File: 25 page(s) / 69K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

D. Eastlake: AUTHOR [+4]

Abstract

Security systems today are built on increasingly strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. The sophisticated attacker of these security systems may find it easier to reproduce the environment that produced the secret quantities, searching the resulting small set of possibilities, than to locate the quantities in the whole of the number space.

This text was extracted from an ASCII text document.
This is the abbreviated version, containing approximately 4% of the total text.

Network Working Group                                    D. Eastlake, 3rd
Request for Comments: 1750                                            DEC
Category: Informational                                        S. Crocker
                                                                Cybercash
                                                              J. Schiller
                                                                      MIT
                                                            December 1994

Randomness Recommendations for Security

Status of this Memo

This memo provides information for the Internet community. This memo does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Abstract

Security systems today are built on increasingly strong cryptographic algorithms that foil pattern analysis attempts. However, the security of these systems is dependent on generating secret quantities for passwords, cryptographic keys, and similar quantities. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. The sophisticated attacker of these security systems may find it easier to reproduce the environment that produced the secret quantities, searching the resulting small set of possibilities, than to locate the quantities in the whole of the number space.

Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This paper points out many pitfalls in using traditional pseudo-random number generation techniques for choosing such quantities. It recommends the use of truly random hardware techniques and shows that the existing hardware on many systems can be used for this purpose. It provides suggestions to ameliorate the problem when a hardware solution is not available. And it gives examples of how large such quantities need to be for some particular applications.

Acknowledgements

Comments on this document that have been incorporated were received from (in alphabetic order) the following:

David M. Balenson (TIS)
Don Coppersmith (IBM)
Don T. Davis (consultant)
Carl Ellison (Stratus)
Marc Horowitz (MIT)
Christian Huitema (INRIA)
Charlie Kaufman (IRIS)
Steve Kent (BBN)
Hal Murray (DEC)
Neil Haller (Bellcore)
Richard Pitkin (DEC)
Tim Redmond (TIS)
Doug Tygar (CMU)

Table of Contents

1. Introduction
2. Requirements
3. Traditional Pseudo-Random Sequences
4. Unpredictability
4.1 Problems with Clocks and Serial Numbers
4.2 Timing and Content of External Events
4.3 The Fallacy of Complex Manipulation
4.4 The Fallacy of Selection from a Large Database
5. Hardwa...