Defenses
- Mix (with, for example, xor) hardware generated random numbers with the output of a good quality stream cipher, as close to the point of use as possible. The stream cipher key or seed should be changeable in a way that can be audited and derived from a trustworthy source, e.g. dice throws. The Fortuna random number generator is an example of an algorithm which uses this mechanism.
- Generate passwords and passphrases using a true random source. Some systems select random passwords for the user rather than let users propose their own.
- Use encryption systems that document how they generate random numbers and provide a method to audit the generation process.
- Build security systems with off the shelf hardware, preferably purchased in ways that do not reveal its intended use, e.g. off the floor at a large retail establishment. From this perspective, sound cards and webcams may be a better source of randomness than hardware made for that purpose. See: Hardware random number generator.
- Maintain complete physical control over the hardware after it has been purchased.
Designing a secure random number generator requires at least as high a level of care as designing other elements of a cryptographic system.
Read more about this topic: Random Number Generator Attack
Famous quotes containing the word defenses:
“We are a nation of politicians, concerned about the outmost defenses only of freedom. It is our children’s children who may perchance be really free.”
—Henry David Thoreau (1817–1862)