/dev/random and linux security issues (kinda long)
Benjamin Scott
dragonhawk at iname.com
Sun May 15 20:44:01 EDT 2005
On May 15 at 6:45pm, aluminumsulfate at earthlink.net wrote:
>> It may seem that way at first thought, but it is not the case. It
>> is entirely possible to randomly generate the same value repeatedly
>> in sequence. Statistically, it is, in fact, equally likely that you
>> will generate 79 '6's as 79 characters with no repeats.
>
> I don't believe so. The probability of getting 79 '6's is 1/95^79. The
> probability of getting ANY string of 79 of the same digit would be 1/95^78.
Hmmmm... from what I remember of my college combinatorics course (which I
flunked), you're both right.

If the series is statistically random, then the probability of getting *any*
set of N characters is the same. If you have a statistically random penny,
for example, and you flip it 20 times, you have just as much of a chance of
getting 20 heads as you do 10 heads, because each individual flip is strictly
50/50, and each flip has no bearing on any other flip. The fact that you get
10 heads in a row does not mean the next one should be tails to "start making
up for the previous 10 heads".

There's a great Dilbert comic on this... here's a copy:
http://www.pen.k12.va.us/Div/Winchester/jhhs/math/humor/comics/computer/random.html

So, from that point of view, Mike's right.

Now, in the real world, I understand that there is some argument about
whether a truly statistically random series can exist. Certainly, from a
practical standpoint, if one flips a penny 100 times and gets heads each time,
it's more likely that the penny (or the flip) is somehow biased in favor of
heads. I'd certainly put my money (hah) on heads rather than tails. The same
applies to the kernel's RNG. If you see patterns, it could just be a random
coincidence, but one should look for flaws in the RNG.

So, from that point of view, aluminumsulfate at ... (Dave?) is right.

Of course, as aluminumsulfate at ... discovered, when it comes to matters of
crypto, one's own tools tend to be the first source of trouble. This is why
peer review of crypto software is absolutely critical.
--
Ben <dragonhawk at iname.com>
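As an added example (not part of this post or the list thread), the following Python script works the thread's figures exactly (95 printable characters over 79 positions, the 20-flip and 100-flip pennies), separating the probability of one particular sequence from the probability of a whole class of sequences, and then turns the same arithmetic into an exact binomial bias check of the kind one would run on a random source that "shows patterns". The threshold `alpha` and the use of `random.SystemRandom` as a stand-in source are assumptions of the example.

```python
"""Exact probabilities behind the thread's penny and 79-character examples,
plus a bias check of the kind one would run on a suspicious random source."""
from fractions import Fraction
from math import comb
import random

def p_specific_string(alphabet=95, length=79):
    """Chance that a uniform source emits one particular string (e.g. 79 '6's): 1/alphabet^length."""
    return Fraction(1, alphabet ** length)

def p_all_same(alphabet=95, length=79):
    """Chance that all characters are identical, whichever character: alphabet such strings."""
    return alphabet * p_specific_string(alphabet, length)

def p_no_repeats(alphabet=95, length=79):
    """Chance that no character appears twice: alphabet*(alphabet-1)*... such strings."""
    ways = 1
    for i in range(length):
        ways *= alphabet - i
    return ways * p_specific_string(alphabet, length)

def p_exactly_k_heads(n, k, p=Fraction(1, 2)):
    """Binomial mass C(n,k) p^k (1-p)^(n-k): every single sequence weighs p^k (1-p)^(n-k);
    the C(n,k) factor counts how many distinct sequences reach the same head count."""
    return comb(n, k) * p ** k * (1 - p) ** (n - k)

def bias_p_value(n, k):
    """Two-sided exact binomial test for a fair coin: probability that a fair coin lands
    at least as far from n/2 as k heads did. Small values mean: suspect the coin (or RNG)."""
    dev = abs(2 * k - n)
    return sum(p_exactly_k_heads(n, j) for j in range(n + 1) if abs(2 * j - n) >= dev)

def suspicious(bits, alpha=Fraction(1, 10**6)):
    """Flag a bit stream whose head/tail balance a fair source yields with probability < alpha."""
    return bias_p_value(len(bits), sum(bits)) < alpha

if __name__ == "__main__":
    print(p_specific_string() == Fraction(1, 95**79), p_all_same() == Fraction(1, 95**78))
    print(p_exactly_k_heads(20, 20), p_exactly_k_heads(20, 10), p_no_repeats())
    rng = random.SystemRandom()            # os.urandom-backed, i.e. the kernel's RNG
    fair = [rng.randrange(2) for _ in range(1000)]
    stuck = [1] * 1000                     # constructed: a source that always says heads
    print(suspicious(fair), suspicious(stuck))
```

Note that 20 straight heads alone does not clear a one-in-a-million threshold (its two-sided p-value is 2^-19), while 100 straight heads does; how much data a bias check needs is part of the check.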