Re: Python Random Number Generator for OTP
> > Why not use /dev/random, instead of "ensuring you have entropy"
> /dev/random limits the output size to the estimated entropy. So it has abysmal performance unless there are high performance entropy sources available.

This is for a one-time pad. Limiting the output size to the estimated entropy is a *requirement*. Abysmal performance is fine, because you're going to transfer the pad using a briefcase handcuffed to a courier's arm or some similarly high-cost high-latency physical distribution method, though if you've got a higher-performance entropy source, great.

> After the initial seeding this gains very little security in practice.

If "gains very little security in practice" is good enough for you, you don't need a one-time pad. Yes, the pseudo-random bits you get out of /dev/urandom will probably be much better than the bits the Russians got by mashing down the keys on typewriters, and you're probably not going to be attacked with the persistence of the Venona decrypters, but don't waste your time using one-time pads unless you're going to use them perfectly. You're much better off using a long-enough RSA key and some Diffie-Hellman session key generation. (Of course, you still want good random numbers for those, but /dev/random is plenty fast enough for that, at least on any non-virtual machine.)

On Tue, Jul 23, 2013 at 03:24:39PM -0700, Bill Stewart wrote:
> > > Why not use /dev/random, instead of "ensuring you have entropy"
> > /dev/random limits the output size to the estimated entropy. So it has abysmal performance unless there are high performance entropy sources available.
>
> This is for a one-time pad. Limiting the output size to the estimated entropy is a *requirement*. Abysmal performance is fine, because you're going to transfer the pad using a briefcase handcuffed to a courier's arm or some similarly high-cost high-latency physical distribution method, though if you've got a higher-performance entropy source, great.

My /dev/random generates a few hundred kilobytes a day. I exchange OTPs on an SD card to a friend sitting across the table. I need to be able to make a bigger pad than allowed by the horrifically overly conservative entropy estimates provided by /dev/random.

-andy

On Wed, Jul 24, 2013 at 7:27 PM, Andy Isaacson <adi@hexapodia.org> wrote:
> My /dev/random generates a few hundred kilobytes a day. I exchange OTPs on an SD card to a friend sitting across the table. I need to be able to make a bigger pad than allowed by the horrifically overly conservative entropy estimates provided by /dev/random.
>
> -andy

What OTP software do you use for actual communication?

A

On Wed, Jul 24, 2013 at 09:37:10PM +0200, Albin Olsson wrote:
> On Wed, Jul 24, 2013 at 7:27 PM, Andy Isaacson <adi@hexapodia.org> wrote:
> > My /dev/random generates a few hundred kilobytes a day. I exchange OTPs on an SD card to a friend sitting across the table. I need to be able to make a bigger pad than allowed by the horrifically overly conservative entropy estimates provided by /dev/random.
>
> What OTP software do you use for actual communication?

I don't use it for anything real, because among other issues there's no message integrity, but: onetime.

-andy
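
The last message above says a one-time pad gives no message integrity. As an added illustration (not code from the thread, and not how the onetime tool works), this Python example shows a pad that refuses to reuse key bytes and a ciphertext altered in transit that still decrypts without any error. The names `Pad`, `xor_bytes`, `alter_in_transit` and `demo`, and the sample message, are constructed for the example; `os.urandom` is only a stand-in pad source for the demo.

```python
import os


class Pad:
    """One-time pad that hands out each key byte exactly once."""

    def __init__(self, material: bytes):
        self._material = material
        self._offset = 0  # index of the first unused pad byte

    def take(self, n: int) -> bytes:
        if n > len(self._material) - self._offset:
            raise ValueError("pad exhausted: refusing to reuse key bytes")
        chunk = self._material[self._offset:self._offset + n]
        self._offset += n
        return chunk


def xor_bytes(data: bytes, key: bytes) -> bytes:
    if len(data) != len(key):
        raise ValueError("data and key must be the same length")
    return bytes(d ^ k for d, k in zip(data, key))


def alter_in_transit(ct: bytes, guessed: bytes, wanted: bytes, at: int) -> bytes:
    """Model a change on the wire: no pad bytes are needed, only a correct
    guess of the plaintext at a known offset."""
    delta = xor_bytes(guessed, wanted)
    out = bytearray(ct)
    for i, d in enumerate(delta):
        out[at + i] ^= d
    return bytes(out)


def demo():
    material = os.urandom(64)  # constructed demo pad, shared by both ends
    sender, receiver = Pad(material), Pad(material)
    msg = b"PAY 0100 TO BOB"   # constructed sample message
    ct = xor_bytes(msg, sender.take(len(msg)))
    changed = alter_in_transit(ct, b"0100", b"9900", at=4)
    # Decryption succeeds; nothing tells the receiver the text was changed.
    received = xor_bytes(changed, receiver.take(len(changed)))
    return msg, received


if __name__ == "__main__":
    print(demo())
```

The pad keeps the content secret but the receiver accepts the altered text, which is why integrity has to come from a separate mechanism.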

participants (3)
- Albin Olsson
- Andy Isaacson
- Bill Stewart