Topic: Re: How to generate a private key?
Board: Development & Technical Discussion
by proff on 05/04/2013, 09:29:39 UTC
Quote
I do trust /dev/random or CryptGenRandom. The question is, what is the harm in adding additional bits of entropy from other sources?
No harm; on some (most?) systems you can write data to /dev/random for this purpose.

Quote
If you get any of them compromised (for whatever reason), the additional bits might help, won't they?
Yes, entropy is supposed to be gathered from multiple independent sources and processed to reseed the generator. As long as there is at least one source that is unpredictable to the attacker you should be OK. Did you read the chapter on the implementation of Fortuna?

Note, if your entire system is compromised, you have other things to worry about than the random-number generator. What a cryptographic PRNG is designed to deal with are cryptographic attacks, like reconstructing its internal state, though I am not sure which attack scenario you are envisioning where you have to worry about such attacks on your RNG but your system isn't otherwise completely owned anyway.

Quote
I read that one password generating program uses the high performance counter or high resolution timer. Specifically PWGen uses these two (in order of descending priority):

1. Time stamp counter (RDTSC instruction): The RDTSC processor instruction returns the number (64-bit) of cycles since reset.
2. QueryPerformanceCounter (Windows API function): According to the Windows SDK, this function returns the current value (64-bit) of the high-performance counter. This is probably just a wrapper for the time stamp counter on most systems, but the return value may be different on multicore computers. Calling this function is slower than executing RDTSC.
That's it? No keystrokes, mouse movement, etc?

Quote
I mean, maybe there is no reason for me to use anything else aside from CryptGenRandom, and possibly add one or two readings of the high resolution timer.

All I want to do is generate a 256-bit number, then check if that is a valid private key, and go from there.
Just use CryptGenRandom. Or, if you do not trust Microsoft, a different OS/implementation; I gave you at least one reference.
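
The procedure discussed in this thread (draw 256 bits from the operating system's generator, optionally mix in extra samples, then check that the number is a valid private key), as an added example that is not part of the original post. It assumes the key is for the secp256k1 curve, which the thread does not state; the function names and the use of SHA-256 for mixing are choices made here for illustration.

```python
import hashlib
import os
import time

# Order of the secp256k1 group (assumption: the key is for this curve).
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def is_valid_private_key(k: int, n: int = SECP256K1_N) -> bool:
    """A private key must be an integer in the range [1, n-1]."""
    return 1 <= k < n


def mix_sources(os_random: bytes, *extra: bytes) -> bytes:
    """Hash the OS output together with any extra samples.

    Each input is length-prefixed so that different splits of the same
    bytes cannot produce the same hash input. The OS output always goes
    in, so weak extra samples (independent of it) cannot make the result
    easier to guess than the OS output alone.
    """
    h = hashlib.sha256()
    for chunk in (os_random, *extra):
        h.update(len(chunk).to_bytes(8, "big"))
        h.update(chunk)
    return h.digest()


def generate_private_key(extra_sources=(), rng=os.urandom) -> int:
    """Draw 256-bit candidates until one is in range (rejection sampling)."""
    while True:
        # Optional extra sample: one reading of a high-resolution timer.
        timer = time.perf_counter_ns().to_bytes(8, "big")
        candidate = mix_sources(rng(32), timer, *extra_sources)
        k = int.from_bytes(candidate, "big")
        if is_valid_private_key(k):
            return k


if __name__ == "__main__":
    key = generate_private_key()
    print("valid key generated, bit length:", key.bit_length())
```

Rejecting out-of-range candidates and drawing again, rather than reducing modulo n, keeps the result uniform over the valid range; for this curve order a rejection is astronomically rare.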