Perfectly random one-time pad for encryption

2019-04-28 21:46发布

问题:

I need to create a one-time pad to encrypt some data (a few KBs in size). How should I go about generating this one-time pad to avoid all of the pseudo-random problems associated with basic random number generation such as rand()?

Is there an existing, trusted tool or library I can use for this?

回答1:

Try Random.ORG. They have various free (and paid) services that generate truly random numbers based on atmospheric noise (or at least that is what they claim to do).



回答2:

Most modern operating systems have a cryptographically-secure pseudo-random number generator.

For example, Windows has CryptGenRandom. You can access the same stream from .NET by using the RNGCryptoServiceProvider class. From C++, you can access the same stream by using the Microsoft C++ library function rand_s. From Python, it's accessible using the function urandom (see bottom of linked page) in the os module.

Unlike normal PRNGs, CSPRNGs are designed to pass rigorous statistical randomness tests. They're also designed to hold up well under serious attack, even when their initial or running state becomes available to an attacker.

The term "pseudo-random", as used by cryptographers, may be misleading to a non-technical reader. A CSPRNG expands a collection of random values, known as a seed, into a longer sequence of numbers. That sequence is reproducible given the seed, but for any good CSPRNG, a minor change in the seed yields a very different sequence. Therefore, as long as at least some portion of the seed is chosen via an adequately random process, an attacker is unable to predict the resulting sequence - even if the attacker can influence the remainder of the seed.

Numerous important systems, ranging from military communications to the encryption that protects virtually all online transactions, rely on the functionally-equivalent security between "cryptographically-secure pseudo-random" and "random".

EDIT: If you're lucky enough to be working with Intel's Ivy Bridge processor range, you now have another very interesting alternative.



回答3:

You can't generate truly random numbers algorithmically - you need hardware assistance. If you use an algorithm, however secure (such as a cryptographically secure PRNG), you're simply creating a stream cipher based on that PRNG; it's no longer a One Time Pad.