Line 50: | Line 50: | ||
The initial value of ''XKEY'' is derived using the following procedure. | The initial value of ''XKEY'' is derived using the following procedure. | ||
* We obtain 1024 bytes from the system random number generator. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom.<div class=note>On HP-UX B.11.11, one must install the HP-UX Strong Random Number Generator (KRNG11i) bundle to | * We obtain 1024 bytes from the system random number generator. On Windows XP SP 2, we call the CryptGenRandom function in the CryptoAPI. On Solaris, HP-UX, Linux, and Mac OS X, we read from the special device /dev/urandom.<div class=note>On HP-UX B.11.11, one must install the HP-UX Strong Random Number Generator (KRNG11i) bundle to add the /dev/random and /dev/urandom special files. The KRNG11i bundle can be downloaded for free from the HP software depot, and installation is straightforward.</div> We set ''XKEY'' to the SHA-256 hash of these 1024 bytes.<pre>XKEY = SHA-256(1024 bytes from the system RNG)</pre> This is performed in the <code>RNG_RNGInit</code> function. | ||
* We then add extra entropy input to ''XKEY'' using SHA-256 as the mixing function:<pre>XKEY = SHA-256(XKEY || entropy_input)</pre> This is performed in the <code>RNG_SystemInfoForRNG</code> function. The mixing function is modeled after the reseed processes for the '''Hash_DRBG''' and '''Dual_EC_DRBG''' deterministic random bit generators in NIST SP 800-90 and the Reseed function for the Fortuna random number generator in Ferguson and Schneier's Practical Cryptography. The extra entropy input is either time-varying or machine-varying. On Unix, it includes: | * We then add extra entropy input to ''XKEY'' using SHA-256 as the mixing function:<pre>XKEY = SHA-256(XKEY || entropy_input)</pre> This is performed in the <code>RNG_SystemInfoForRNG</code> function. The mixing function is modeled after the reseed processes for the '''Hash_DRBG''' and '''Dual_EC_DRBG''' deterministic random bit generators in NIST SP 800-90 and the Reseed function for the Fortuna random number generator in Ferguson and Schneier's Practical Cryptography. The extra entropy input is either time-varying or machine-varying. On Unix, it includes: | ||
** various high-resolution clocks, | ** various high-resolution clocks, several times. Examples are | ||
*** <code>gettimeofday</code> | |||
*** <code>gethrtime</code> on Solaris | |||
*** <code>times</code> on Mac OS X | |||
*** the CR16 interval timer in the PA-RISC processor on HP-UX B.11.11 (see also http://h21007.www2.hp.com/dspp/tech/tech_TechSingleTipDetailPage_IDX/1,2366,5057,00.html) | |||
** the names, values, and memory addresses of all the environment variables. | ** the names, values, and memory addresses of all the environment variables. | ||
** current system/kernel statistics, | ** static system information or current system/kernel statistics, twice. Examples are | ||
** | *** the information returned by <code>sysinfo</code> function on Linux | ||
*** machine hardware name, OS release level, and hardware serial number on Solaris | |||
*** version number of OSF/AES OSC supported and version of CPU architecture on HP-UX | |||
*** the maximum number of simultaneous processes per user id, the maximum number of streams that a process may have open at any one time, and the maximum number of open files per user id on Mac OS X | |||
** the host name (returned by <code>gethostname</code>) | ** the host name (returned by <code>gethostname</code>) | ||
** the status information (<code>struct stat</code>) and contents of the file specified in the environment variable <code>NSRANDFILE</code> | ** the status information (<code>struct stat</code>) and contents of the file specified in the environment variable <code>NSRANDFILE</code> |
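Review bot: In the rewritten clock and system-information bullets, "several times" and "twice" do not say at which points of RNG_SystemInfoForRNG the samples are taken, and the new "static system information" examples (machine hardware name, OS release level, per-user process and open-file limits) are fixed for a given machine, so a second read would be expected to return the same bytes. Suggest stating where each sample is taken and marking each listed input as time-varying or machine-varying, matching the sentence "The extra entropy input is either time-varying or machine-varying", so that a reader does not count the static items as fresh input on the second read. The HP link in the CR16 item is a deep URL; giving the document title beside it would keep the reference usable if the URL changes.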