Results 1 to 10 of 16

Thread: Random Is Faster, More Randomness In Linux 3.13

Hybrid View

  1. #1
    Join Date
    Jan 2007
    Posts
    14,894

    Default Random Is Faster, More Randomness In Linux 3.13

    Phoronix: Random Is Faster, More Randomness In Linux 3.13

    The /dev/random changes went in for the Linux 3.13 kernel and this pull request was even interesting for the very promising next kernel release. While not in Linux 3.13, it's mentioned the Linux kernel might also end up taking a security feature from the FreeBSD playbook...

    http://www.phoronix.com/vr.php?view=MTUxNjk

  2. #2
    Join Date
    Oct 2013
    Posts
    195

    Default

    Am I the only one who read the "Random", "Radeon"? Michael is heavily covering radeon drivers news these days

  3. #3
    Join Date
    Jan 2013
    Location
    Sweden
    Posts
    45

    Default

    The Android flaw was bad for Bitcoin wallets as this bug caused the "randomness" in Android devices(Android based on Linux kernel!) to be predictable. That way private keys could be generated that had been generated "randomly" so the attacker could thus "generate randomly" the exact same private keys that somebody else had generated on the Android device.
    This randomness and entropy improvement to Linux is of course good but Google is too stupid to care right now, so don't generate your private keys on Android, but generate them on Linux, *BSD, then you import them to your Android device. Android is a sinking ship...

  4. #4
    Join Date
    Mar 2013
    Posts
    253

    Default

    Quote Originally Posted by powdigsig View Post
    Android is a sinking ship...
    Let's not go nuts. Certainly, Android is a subset of Linux with incredibly crappy Java-based userland. But sales are better than ever: http://www.gartner.com/newsroom/id/2573415

    Smartphones may be twice as fast as they were in 1973, but your average consumer is as drunk and stupid as ever.

  5. #5
    Join Date
    Oct 2012
    Posts
    148

    Default

    Quote Originally Posted by powdigsig View Post
    The Android flaw was bad for Bitcoin wallets as this bug caused the "randomness" in Android devices(Android based on Linux kernel!) to be predictable. That way private keys could be generated that had been generated "randomly" so the attacker could thus "generate randomly" the exact same private keys that somebody else had generated on the Android device.
    This randomness and entropy improvement to Linux is of course good but Google is too stupid to care right now, so don't generate your private keys on Android, but generate them on Linux, *BSD, then you import them to your Android device. Android is a sinking ship...
    sorry, but you obviously have no idea what you're talking about.

    There have been at least 3 indirection layers between /dev/random and the Bitcoin application. Just because there is a bug in dalvik, doesn't make /dev/random faulty. As much as it can interfere with a good rant, taking off the fanboy goggles is good for your health.

  6. #6
    Join Date
    Dec 2010
    Location
    MA, USA
    Posts
    1,339

    Default

    While I never understood how people can find predictability in /dev/random on any system, I also don't understand how people who care about pure random numbers don't make a USB device that actually generates purely random numbers. I remember hearing about how it is possible to get pure 100% random number (in a digital perspective) using a very tiny amount of an element like Americium and have some sensors that read the gamma rays that are emitted. While nothing in physics is 100% unpredictable, these gamma rays are generated at the atomic level, which is so hard to measure that you might as well call it perfectly random. I figure the only problem with this type of device is it's likely affected by temperature. You still won't be able to predict the exact number it generates but you can at least figure out the range it would be in. So for example, if it's 20C in the room, you might get a number from 10000 to 50000 but if it's 30C you might get a number from 20000 to 80000. I could be wrong though.

  7. #7
    Join Date
    May 2013
    Posts
    41

    Default

    Quote Originally Posted by schmidtbag View Post
    While nothing in physics is 100% unpredictable,
    Wave function collapse is truely random and can be used to generate 100% random numbers. It is in fact the only source of true randomness in our Universe.

  8. #8
    Join Date
    Dec 2010
    Posts
    18

    Default

    Quote Originally Posted by schmidtbag View Post
    While I never understood how people can find predictability in /dev/random on any system
    People can find predictability with /dev/urandom, not with /dev/random. But that's kind of by design... /dev/urandom was created so that reads from it would never block even when the system hasn't generated enough entropy. Most apps don't need cryptographically strong randomness, and those that do should be using /dev/random.

  9. #9
    Join Date
    Jan 2009
    Posts
    1,416

    Default

    Quote Originally Posted by schmidtbag View Post
    While I never understood how people can find predictability in /dev/random on any system, I also don't understand how people who care about pure random numbers don't make a USB device that actually generates purely random numbers. I remember hearing about how it is possible to get pure 100% random number (in a digital perspective) using a very tiny amount of an element like Americium and have some sensors that read the gamma rays that are emitted. While nothing in physics is 100% unpredictable, these gamma rays are generated at the atomic level, which is so hard to measure that you might as well call it perfectly random. I figure the only problem with this type of device is it's likely affected by temperature. You still won't be able to predict the exact number it generates but you can at least figure out the range it would be in. So for example, if it's 20C in the room, you might get a number from 10000 to 50000 but if it's 30C you might get a number from 20000 to 80000. I could be wrong though.
    You can get 100% random numbers by simply looking at the least significant digits of system time when events occur. There are advantages to having jitter in those cases Of course, that is a pretty slow way to gather data thus why systems with tons of things happening on them, like servers, can generate so much randomness.

  10. #10
    Join Date
    Jul 2013
    Posts
    204

    Default

    Quote Originally Posted by siavashserver View Post
    Am I the only one who read the "Random", "Radeon"? Michael is heavily covering radeon drivers news these days
    I accidentally read it as "Radeon" as well. xD

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •