There is a large gap between the theory and practice for random number generation. For example, on most operating systems, using/dev/random to generate a 256-bit AES key is highly likely to produce a key with no more than 160 bits of security. In this paper, we propose solutions to many of the issues that real software-based random number infrastructures have encountered. Particularly, we demonstrate that universal hash functions are a theoretically appealing and efficient mechanism for accumulating entropy, we show how to deal with forking processes without using a two-phase commit, and we explore better metrics for estimating entropy and argue that systems should provide both computational security and information theoretic security through separate interfaces.
展开▼
