Archived Forum Post

Index of archived forum posts

Question:

How random is "random"?

Sep 14 '13 at 08:18

Really good randomness is the corner stone of every crypt lib.

Can you please clarify how randomness is achieved in CkCrypt and CkRsa libraries?

Does Ck uses the random generator of underlying OS/API? Or do you use an own algorithm to generate randomness? Do you have internal quality test cases?

Thanx!


Answer

On Windows-based systems, CryptGenRandom is used. (see http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942%28v=vs.85%29.aspx )

On Linux, Mac OS X, and other Unix type systems, Chilkat uses /dev/urandom


Answer

Out of wikipedia:

A counterpart to /dev/random is /dev/urandom ("unlocked"/non-blocking random source[4]) which reuses the internal pool to produce more pseudo-random bits. This means that the call will not block, but the output may contain less entropy than the corresponding read from /dev/random. While it is still intended as a pseudorandom number generator suitable for most cryptographic purposes, it is not recommended for the generation of long-term cryptographic keys.

Can you please add a possibility to provide an own random function, put own random byte pool to crypt lib and/or enable usage of /dev/random instead of urandom.

/dev/urandom is really not a good choice to generate long lasting RSA keys.