 

Perfectly random one-time pad for encryption

I need to create a one-time pad to encrypt some data (a few KBs in size). How should I go about generating this one-time pad to avoid all of the pseudo-random problems associated with basic random number generation such as rand()?

Is there an existing, trusted tool or library I can use for this?

Petrus Theron asked Jan 12 '11 18:01




3 Answers

Most modern operating systems have a cryptographically-secure pseudo-random number generator.

For example, Windows has CryptGenRandom. You can access the same stream from .NET by using the RNGCryptoServiceProvider class. From C++, you can access the same stream by using the Microsoft C++ library function rand_s. From Python, it's accessible using the function urandom (see bottom of linked page) in the os module.

Unlike normal PRNGs, CSPRNGs are designed to pass rigorous statistical randomness tests. They're also designed to hold up well under serious attack, even when their initial or running state becomes available to an attacker.

The term "pseudo-random", as used by cryptographers, may be misleading to a non-technical reader. A CSPRNG expands a collection of random values, known as a seed, into a longer sequence of numbers. That sequence is reproducible given the seed, but for any good CSPRNG, a minor change in the seed yields a very different sequence. Therefore, as long as at least some portion of the seed is chosen via an adequately random process, an attacker is unable to predict the resulting sequence - even if the attacker can influence the remainder of the seed.

Numerous important systems, ranging from military communications to the encryption that protects virtually all online transactions, rely on the functionally-equivalent security between "cryptographically-secure pseudo-random" and "random".

EDIT: If you're lucky enough to be working with Intel's Ivy Bridge processor range, you now have another very interesting alternative.

HTTP 410 answered Oct 27 '22 14:10
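
An added example, not part of the answer above or of any library it names: pad bytes drawn from the OS CSPRNG through Python's os.urandom, which that answer mentions, with each pad byte consumed at most once. The names generate_pad, PadReader, PadExhausted and xor_with_pad are hypothetical, and both parties are assumed to already hold identical copies of the pad.

```python
import os


class PadExhausted(Exception):
    """The message needs more pad bytes than remain unused."""


def generate_pad(size: int) -> bytes:
    # os.urandom reads the operating system's CSPRNG, never rand()-style generators.
    return os.urandom(size)


class PadReader:
    """One party's copy of the pad; every byte is handed out at most once."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def take(self, n: int) -> bytes:
        if n > self.remaining:
            raise PadExhausted(f"need {n} bytes, {self.remaining} left")
        end = self._offset + n
        chunk = bytes(self._pad[self._offset:end])
        self._pad[self._offset:end] = bytes(n)  # overwrite used bytes in memory
        self._offset = end
        return chunk


def xor_with_pad(data: bytes, reader: PadReader) -> bytes:
    """Encrypts or decrypts: XOR data with the next len(data) unused pad bytes."""
    key = reader.take(len(data))
    return bytes(d ^ k for d, k in zip(data, key))


if __name__ == "__main__":
    pad = generate_pad(4096)  # constructed sample: a few KB, as in the question
    sender, receiver = PadReader(pad), PadReader(pad)
    message = b"constructed sample plaintext"
    ciphertext = xor_with_pad(message, sender)
    assert xor_with_pad(ciphertext, receiver) == message
    print(ciphertext.hex(), sender.remaining)
```

Refusing to wrap around when the pad runs out is the point of PadExhausted: reusing pad bytes for a second message removes the one-time property.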


You can't generate truly random numbers algorithmically - you need hardware assistance. If you use an algorithm, however secure (such as a cryptographically secure PRNG), you're simply creating a stream cipher based on that PRNG; it's no longer a One Time Pad.

Nick Johnson answered Oct 27 '22 16:10


Try Random.ORG. They have various free (and paid) services that generate truly random numbers based on atmospheric noise (or at least that is what they claim to do).

NealB answered Oct 27 '22 15:10