Using random number file

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Using random number file

Akos Vandra
Hello!

I have a source of (more or less) true random numbers, which I get as binary files (1MB each).
I want openssl to use these files as a random number source to generate keys and signing operations. How can this be done?

Regards,
  Vandra Ákos
Reply | Threaded
Open this post in threaded view
|

Re: Using random number file

Bernhard Fröhlich-2
Akos Vandra schrieb:
> Hello!
>
> I have a source of (more or less) true random numbers, which I get as
> binary files (1MB each).
> I want openssl to use these files as a random number source to
> generate keys and signing operations. How can this be done?
>
> Regards,
>   Vandra Ákos
Try using the RANDFILE= parameter in the configuration file
http://www.openssl.org/docs/apps/config.html, though I don't know if
this parameter is used by all commands.

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Using random number file

Akos Vandra
As far as I understand, that file is used only to seed the internal PRNG, not to read numbers from there... Or am I wrong? (Also the docs say the file will be overwrited)

Regards,
  Vandra Ákos

2009/7/3 Bernhard Froehlich <[hidden email]>
Akos Vandra schrieb:

Hello!

I have a source of (more or less) true random numbers, which I get as binary files (1MB each).
I want openssl to use these files as a random number source to generate keys and signing operations. How can this be done?

Regards,
 Vandra Ákos
Try using the RANDFILE= parameter in the configuration file http://www.openssl.org/docs/apps/config.html, though I don't know if this parameter is used by all commands.

Hope it helps.
Ted
;)

--
PGP Public Key Information
Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26



Reply | Threaded
Open this post in threaded view
|

Re: Using random number file

Michael S. Zick-4
On Fri July 3 2009, Akos Vandra wrote:
> As far as I understand, that file is used only to seed the internal PRNG,
> not to read numbers from there... Or am I wrong? (Also the docs say the file
> will be overwrited)
>

Yes to both.
This is intended to reduce the chance that the same random bit sequence
will be used more than once.

Reading "random" numbers from a file is one way to defeat this protection.
I.E: You don't know how many other people have read the same file.

There are types of cryptography based on the concept of a "one time pad" -
but that does not seem to be what you are asking about in this post.

Mike

> Regards,
>   Vandra Ákos
>
> 2009/7/3 Bernhard Froehlich <[hidden email]>
>
> > Akos Vandra schrieb:
> >
> >  Hello!
> >>
> >> I have a source of (more or less) true random numbers, which I get as
> >> binary files (1MB each).
> >> I want openssl to use these files as a random number source to generate
> >> keys and signing operations. How can this be done?
> >>
> >> Regards,
> >>  Vandra Ákos
> >>
> > Try using the RANDFILE= parameter in the configuration file
> > http://www.openssl.org/docs/apps/config.html, though I don't know if this
> > parameter is used by all commands.
> >
> > Hope it helps.
> > Ted
> > ;)
> >
> > --
> > PGP Public Key Information
> > Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
> > Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
> >
> >
> >
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Using random number file

Akos Vandra
I see what the main misunderstanding is here.

If the numbers are read from the file with no precautions whatsoever, the same numbers will be read more than once (at every run) of course. But I thought it was possible to have a set of random numbers saved in a file, and it would be possible for openssl to save a "pointer", and continue reading the file on the next run (not start from the beginning). Of course this can be done by pipeing tha file to a FIFO buffer, and then making openssl read from the pipe rather than the file (this solves the problem with the same random sequence).

What my problem here is: I have a true random number generator, but it is not linked to the computer, I get the numbers on a flash disk(as a binary file). Because these are true random numbers (well at least as far a quantum rng is random), they are safe to use for the prime generation, and I would like to use these files, rather than the PRNG of openssl (being on the safe side of a coding error in the PRNG, no offence intended, we all make mistakes :). I would like to know if this is possible

Regards,
  Vandra Ákos

2009/7/3 Michael S. Zick <[hidden email]>
On Fri July 3 2009, Akos Vandra wrote:
> As far as I understand, that file is used only to seed the internal PRNG,
> not to read numbers from there... Or am I wrong? (Also the docs say the file
> will be overwrited)
>

Yes to both.
This is intended to reduce the chance that the same random bit sequence
will be used more than once.

Reading "random" numbers from a file is one way to defeat this protection.
I.E: You don't know how many other people have read the same file.

There are types of cryptography based on the concept of a "one time pad" -
but that does not seem to be what you are asking about in this post.

Mike
> Regards,
>   Vandra Ákos
>
> 2009/7/3 Bernhard Froehlich <[hidden email]>
>
> > Akos Vandra schrieb:
> >
> >  Hello!
> >>
> >> I have a source of (more or less) true random numbers, which I get as
> >> binary files (1MB each).
> >> I want openssl to use these files as a random number source to generate
> >> keys and signing operations. How can this be done?
> >>
> >> Regards,
> >>  Vandra Ákos
> >>
> > Try using the RANDFILE= parameter in the configuration file
> > http://www.openssl.org/docs/apps/config.html, though I don't know if this
> > parameter is used by all commands.
> >
> > Hope it helps.
> > Ted
> > ;)
> >
> > --
> > PGP Public Key Information
> > Download complete Key from http://www.convey.de/ted/tedkey_convey.asc
> > Key fingerprint = 31B0 E029 BCF9 6605 DAC1  B2E1 0CC8 70F4 7AFB 8D26
> >
> >
> >
>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Using random number file

JoelKatz

Akos Vandra wrote:

> I see what the main misunderstanding is here.

> If the numbers are read from the file with no precautions whatsoever,
> the same numbers will be read more than once (at every run) of course.
> But I thought it was possible to have a set of random numbers saved in
> a file, and it would be possible for openssl to save a "pointer", and
> continue reading the file on the next run (not start from the beginning).
> Of course this can be done by pipeing tha file to a FIFO buffer, and then
> making openssl read from the pipe rather than the file (this solves the
> problem with the same random sequence).

Yes, exactly.

> What my problem here is: I have a true random number generator, but it
> is not linked to the computer, I get the numbers on a flash disk(as a
> binary file). Because these are true random numbers (well at least as
> far a quantum rng is random), they are safe to use for the prime
> generation, and I would like to use these files, rather than the PRNG
> of openssl (being on the safe side of a coding error in the PRNG, no
> offence intended, we all make mistakes :). I would like to know if
> this is possible

What you need is a program that sucks in the files of random numbers and
serves them to a pipe that OpenSSL (and other RNG clients) can read from.
The program would need to ensure that each number is only written to the
pipe once. It can keep the pipe 'full' and let you know when it's low on
random numbers. This is a very simple program to write. (And I believe
similar programs do already exist. Have a look at 'egd'.)

However, it will not likely achieve your stated objective. Unless you vet
your program to the same degree as OpenSSL's PRNG has been vetted, you will
simply have replaced a solution with a less-reliable solution. As a general
rule, in crytography, the worst thing you can do is cook up your own
solution to a problem.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Using random number file

Akos Vandra
Thanks for your reply.

I have two further questions I would like to ask:

How can I make openssl read from that pipe?
And why would a certified hardware quantum random generator hardware be less reliable than openssl's prng?

Regards,
  Vandra Ákos

2009/7/4 David Schwartz <[hidden email]>

Akos Vandra wrote:

> I see what the main misunderstanding is here.

> If the numbers are read from the file with no precautions whatsoever,
> the same numbers will be read more than once (at every run) of course.
> But I thought it was possible to have a set of random numbers saved in
> a file, and it would be possible for openssl to save a "pointer", and
> continue reading the file on the next run (not start from the beginning).
> Of course this can be done by pipeing tha file to a FIFO buffer, and then
> making openssl read from the pipe rather than the file (this solves the
> problem with the same random sequence).

Yes, exactly.

> What my problem here is: I have a true random number generator, but it
> is not linked to the computer, I get the numbers on a flash disk(as a
> binary file). Because these are true random numbers (well at least as
> far a quantum rng is random), they are safe to use for the prime
> generation, and I would like to use these files, rather than the PRNG
> of openssl (being on the safe side of a coding error in the PRNG, no
> offence intended, we all make mistakes :). I would like to know if
> this is possible

What you need is a program that sucks in the files of random numbers and
serves them to a pipe that OpenSSL (and other RNG clients) can read from.
The program would need to ensure that each number is only written to the
pipe once. It can keep the pipe 'full' and let you know when it's low on
random numbers. This is a very simple program to write. (And I believe
similar programs do already exist. Have a look at 'egd'.)

However, it will not likely achieve your stated objective. Unless you vet
your program to the same degree as OpenSSL's PRNG has been vetted, you will
simply have replaced a solution with a less-reliable solution. As a general
rule, in crytography, the worst thing you can do is cook up your own
solution to a problem.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: Using random number file

JoelKatz

Alos Vandra:

> Thanks for your reply.

> I have two further questions I would like to ask:

> How can I make openssl read from that pipe?

It depends on exactly what you're asking. If you're talking about how to do
it in a program somebody else wrote, you'd have to ask them. If you're
talking about how to do it in your own program, you can replace the OpenSSL
PRNG with RAND_set_rand_method. If you're talking about how to do it in the
applications included with OpenSSL, use the 'RANDFILE' environment variable
There's built-in support for EGD, so it may be worth 'faking' EGS's
protocol.

> And why would a certified hardware quantum random generator hardware
> be less reliable than openssl's prng?

Because "reliable" is an attribute of the system as a whole, not its
individual components. When I read your question, I see, "Why would a system
I put together myself be less reliable than a system that has been publicaly
vetted and stood the test of time?" And the answer is obvious -- you might
make mistakes putting the system together and your shoulder is not being
looked over the way the OpenSSL project is.

My advice to you would be to compromise. A known property of OpenSSL's PRNG
is that it can never be hurt by adding seed material to it. So add as much
seed material to it as often as you like. This cannot possibly hurt, so your
baseline is the reliability of OpenSSL. (And, in fact, this is what I do.)

If you really want to, you can intercept OpenSSL's PRNG calls with your own
rand method. Keep track of how much entropy is being pulled out of the pool
and add back in the same amount from your own source. This way even if you
screw up the worst imaginable way (assuming you don't actually distort the
data from the PRNG going back to OpenSSL) you cannot make things any less
secure.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Using random number file

Richard Könning
In reply to this post by Akos Vandra
Akos Vandra wrote:

> And why would a certified hardware quantum random generator hardware be less reliable than openssl's prng?

The details depend on the specific hardware, but when for example a
resistor blows up it may be that there is no more random input. Afair
some years ago one tested some HW generators and experienced at least
with one model that many examplars of this model failed right from the
beginning. So it is not so simple to make a reliable HW random number
generator.
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Technology Solutions GmbH

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]