A non-physical true random number generator (NPTRNG), also known as a non-physical nondeterministic random bit generator, is a true random number generator that does not have access to a dedicated hardware entropy source. An NPTRNG uses a non-physical noise source that obtains entropy from system data, such as outputs of application programming interface functions, residual information in the random access memory, system time, or human input (e.g., mouse movements and keystrokes). A typical NPTRNG is implemented as software running on a computer. NPTRNGs are frequently found in the kernels of the popular operating systems that are expected to run on any generic CPU (for example, /dev/random in Linux).

Reliability

An NPTRNG is inherently less trustworthy than its physical random number generator counterpart, as the non-physical noise sources require specific conditions to work, thus the entropy estimates require major assumptions about the external environment and skills of an attacker.

Typical attacks include:
- vulnerability to an adversary with system access (just like any software-based TRNG);
- an attacker connecting a predictable source of events (for example, a mouse simulator);
- operating in an environment where the assumptions about the system behavior no longer hold true (for example, in a virtual machine).

A more sophisticated attack in 2007 breached the forward secrecy of the NPTRNG in Windows 2000 by exploiting a few implementation flaws.

Implementations

The design of an NPTRNG is traditional for TRNGs: a noise source is followed by a postprocessing randomness extractor and, optionally, by a pseudorandom number generator (PRNG) seeded by the true random bits. For example, in Linux, /dev/random does not use the PRNG (and thus can block when it needs to collect more entropy), while /dev/urandom includes one (and therefore can always provide more bits and is non-blocking).

As of 2014, the Linux NPTRNG implementation extracted the entropy from:
- the interrupts, mixing CPU cycle counter, kernel timer value, IRQ number, and instruction pointer of the interrupted instruction into a "fast pool" of entropy;
- the random-time I/O (events from keyboard, mouse, and disk), mixing the kernel timer value, cycle counter, and device-specific information into the "input pool".

At the time, testing in virtualized environments had shown that there existed a boot-time "entropy hole" (reset vulnerability) when the early (u)random outputs were catastrophically non-random, but in general the system provided enough uncertainty to thwart an attacker.

References

Schindler 2008, p. 18.
Turan et al. 2018, p. 64.
Turan et al. 2018, p. 5.
Hall 2021.
Schindler 2008, p. 19.
Peter & Schindler 2022, p. 61.
Peter & Schindler 2022, p. 62.
Schindler 2008, p. 20.
Schindler 2008, pp. 18–19.
Everspaugh et al. 2014, p. 560.
Everspaugh et al. 2014, p. 561.
Everspaugh et al. 2014, p. 573.

Sources

Turan, Meltem Sönmez; Barker, Elaine; Kelsey, John; McKay, Kerry A; Baish, Mary L; Boyle, Mike (2018). NIST SP800-90B: Recommendation for the entropy sources used for random bit generation (Report). Gaithersburg, MD: National Institute of Standards and Technology. doi:10.6028/nist.sp.800-90b.
Schindler, Werner (2008). "Random Number Generators for Cryptographic Applications". In Koc, C.K. (ed.). Cryptographic Engineering. Boston, MA: Springer US. pp. 5–23. doi:10.1007/978-0-387-71817-0_2. ISBN 978-0-387-71817-0. Retrieved 2024-08-24.
Peter, Matthias; Schindler, Werner (September 2, 2022). A Proposal for Functionality Classes for Random Number Generators (2.35 DRAFT ed.). Bundesamt für Sicherheit in der Informationstechnik.
Hall, Tim (29 April 2021). "Non-physical entropy sources" (PDF). NIST.
Everspaugh, Adam; Zhai, Yan; Jellinek, Robert; Ristenpart, Thomas; Swift, Michael (2014). Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG (PDF). 2014 IEEE Symposium on Security and Privacy. IEEE. pp. 559–574. doi:10.1109/SP.2014.42. ISBN 978-1-4799-4686-0.
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.