The FreeBSD project pushed out a brace of updates on Thursday to guard against a pair of potentially serious security vulnerabilities. First up is an update that patches a bug in the GNU tar archiving utility that created a mechanism for hackers to overwrite files on a vulnerable system. The bug, which stems from insufficient …
Random number generation
Get a grid, 3x3, and map each corresponding square to map to the number pad on a keyboard.
Use the RNG code to assign an integer value between 0-9 to each box at (pseudo)random. Have each press rerun this process.
Pick up keyboard and apply number pad repeatedly to face repeatedly until enough random data has been accrued. Multiple sessions may be required.
RNG's aren't random. We know. All they can do is make the generation routine more difficult to predict, but at the end of it all there's no substitution for some good old human error to cause something truly random!
Face to Keyboard Method
I tried Ash's method, but my nose keeps hitting the 5. And it's bleeding now.
Need non-deterministic randomness
RNGs need to take a peek once in a while at the real world for random numbers. Like packet arrival times, keystrokes, or sampled noise from the sound card. Something! It doesn't make sense to base cryptographic methods on flawed pseudo-random (i.e., non-random, repeating) algorithms.
I wonder why someone doesn't come up with a USB or card to generate pure white noise-derived numbers.
And for Linux...
Non Secret Encryption is the Unlock Key for NEUKlearer Triggers?
"there's no substitution for some good old human error to cause something truly random!"
I would substitute good old human error with viable imagination to cause something truly random!
Orderly Yin to Chaotic Yang.
Interesting how you can fit the numbers 0-9 on a 3x3 keypad....
The circuitry of a computer is an electrically noisy place. It wouldn't be difficult to put into place a chip which is tuned to the noise and outputs n-bits of randomness. This would be immune to memory-reading attacks, and could be used to re-seed software RNGs frequently if that gave better resilience. I want this on my next motherboard, please, with the drivers for all the operating systems. Thank you.
Hah just goes to show
That BSD is a RIP off of Windows...or is it the other way round?
There are already tons of random stuff on a multitasking OS to make a pseudo random generator quite random enough. It is a problem on small system where an user may well be the only event generator, but on a large systems with 10+ users processed, it is much more difficult to influence.
White noise generator are often slow, expensive and can be locally influenced too. It is quite hard to guarantee their distribution, the mechanism can also be annoyingly influenced by temperature, age of the device....
Radioactive material/geiger counter works, and you can employ russian dissidents as the source of radiation. Thye usually don't stay in the company for longenough to get critical illness money.
Electical noise works somehow, but can be influenced by any device around.
Dfferential methods on the size of the bodily attributes on "familly"(or trying to make one) pictures downloaded might well work better. Even those can be influenced by societal trends/avalability issues.
I find the current way of doing quite good.
re: Interesting how you can fit the numbers 0-9 on a 3x3 keypad....
Please! Everyone knows 3 isn't random...
The true random numbers, in no particular order, are: 012456789.
(Actually I think there should be an ampersand in there somewhere as well)
the BSD code in question can be seen here:
"Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin".
John Von Neumann, (1951).
Knuth, "The Art of Computer Programming", Vol2, P1.
Oh - and having done some work with seeding randomness from the physical performance of a system, it's not quite as easy as it seems.
"I want this on my next motherboard, please, with the drivers for all the operating systems."
Didn't the Commodore C64 have this?
@stu are you not confusing the Redmond Giant with the tiny little toothless baby kitten rival over at cupertino ?
Better random number generators
There was once a suggestion that the best way to generate random numbers was to collect keyboard strokes, add in a little mouse movement, hash a few random files, and add the time since the operating system was booted, in milliseconds to the equation. The problem with the last suggestion is that an attacker can very easily figure out boot time, if your system has a predictable boot-to-on-the-network delay.
A better suggestion would be to collect a database of all machines on the internet that have BSOD'ed and their times. The time, machine name, windows version, login name, last application used, all of that could be used as "salt". The problem would be creating the database, in the first place. That, and eventually running out of disk space as the log fills up with multiple gigabytes of BSOD info.
They could just use some of the comments submitted to popular IT news site 'theregister'. Talk about random!
C64 random, and a thought (yikes!)
The C64 used a pseudo-random number generator on-board the SID chip to produce white noise. I would assume that, given the technology at the time, this sequence would be easy to deduce.
I was thinking along the lines of the digital noise in a computer to provide random numbers. How about a simple USB-based (or even chipset based) RF receiver which uses some unused or used frequency from which to derive randomness. I imagine that the white noise in an unused frequency would generate crypto-sufficient randomness. It might even be enough to continually scan through the FM or AM radio bands. If an FM receiver can fit in my cell phone with all its other gadgetry, I would think that it could fit on a motherboard.
Considering the proliferation of 802.11g these days, maybe even using the output of a spectrum analyzer of the 2.4GHz band could do that (and then somehow avoiding the inevitable privacy concerns with active intercepting WiFi, and the potential hacks to actually listen in.)
For the scanning idea, maybe feeding the input into a state machine which would dictate which direction the scan would move: up, down, up by x, down by x, stay, etc.
And what about that idea of a sound card sample? Imagine a microphone on a sound card in a server room or data center. PLENTY of noise in there from fans, air conditioning, and the like.
I proposed this in 1970s.
Include a zener diode & ADC.
Zener diodes are widely used as whitenoise generators.
My favoure method of generating random numbers is through the use of the mouse
Give the user an area 500*500 pixels and have them move the mouse around whilst you collect the co-ords of the mouse movement. Do this for about 30 seconds, or until you have enough data and there you go, random numbers.
but that's a hardware RNG - i thought the problem was that whilst we could fairly easily do it with hardware, it's virtually impossible in software.
also: didn't one of the old pentium chips have a hardware RND built in, seeded by temerature at any given time? i could be high on thermal paste again though.
Isn't there a device out there that samples atmospheric background radiation and uses that as a random number seed? Or something?
I probably could have Googled it in the time it took to write this comment, you know.
USB Random Number generators
Brian Miller> I wonder why someone doesn't come up with a USB or card to generate pure white noise-derived numbers.
What, like: http://www.araneus.fi/products-alea-eng.html?
BTW, this link is the first result google shows for a search on "USB random number generators".
FreeBSD has quite good PRNG...
..except the bugs, of course. The use Bruce Schneier's Yarrow system (http://www.schneier.com/yarrow.html), which was specifically designed to quickly recover from this sort of attack. FreeBSD also supports several HW RNGs; years ago Intel used to include one in all their chipsets, but stopped. Current Via C3s do have on-die HW RNG support.
A lot have commented here on user-generated randomness. FreeBSD has for a long time had an 'entropy pool' which is 'stirred' but a number of IRQs. So things like disk controllers, and network controllers provide a fairly good source of randomness to help stir things up a bit.
puTTY on my Nokia 9500...
used the on board mike to record environment sounds, and used the output as a random number...
The usb key with a mike, a thermistor and an optocoupler, and a couple of ADC's could be a good solution...
Can't you just...
...use one pseudo-RNG to seed another? Or use one RNG to choose when to arbitrarily read least significant digits of a running clock, then use this to seed another RNG? Surely after a couple of levels of this it'd be pretty random?
OMG - amanfromMars finally makes sense?
I must be reading El Reg way to much - I can finally understand what amanfromMars is saying...
A bug in GNU tar is a BSD problem first and foremost *how*?
So GNU tar had a security flaw. Great. So why is this being reported as news for FreeBSD? On FreeBSD, GNU tar is a niche application, as many of the people there prefer to use tools that anyone can convert to proprietary, rather than ones with restrictive licenses that prevent that, and most, if not all of the rest, prefer tools with minimal code bloat; gnu tar's --help option *alone* could make the program too bloated for the average BSDer's taste. However, the fact that the FSF have extended their tar program to the point where it actually *supports* all of the options that its help option indicates it can handle basically puts it in the 'right out' category for every BSDer that I have personally talked to about GNU tar.
The patch was a trivial single-line fix. Looks like some developer made a silly mistake.