
Algorithms

Random Number Generators

Cryptographic systems need cryptographically strong (pseudo-)random numbers that an attacker cannot guess. Random numbers are typically used to generate session keys, and their quality is critical to the security of the resulting system. The random number generator is easily overlooked and can become the weakest point of the cryptosystem.

Some machines may have special-purpose hardware noise generators. Noise from the leakage current of a diode or transistor, the least significant bits of audio inputs, the times between interrupts, and similar sources are all good sources of randomness when processed with a suitable cryptographic hash function. It is a good idea to acquire true environmental noise whenever possible.
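As an added example (not code from the original page or from any library), a small Go entropy pool that does what the paragraph describes: raw noise samples are mixed through a cryptographic hash (SHA-256 here), a conservative running entropy estimate is kept, and no seed is emitted until that estimate reaches the requested size. The interrupt intervals it consumes are constructed stand-ins for real timing noise, the credit of one bit per 32-bit interval is an assumed, deliberately pessimistic figure, and the `Pool` type and its methods are illustrative names.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

// Pool condenses raw environmental noise into seeds with a cryptographic
// hash. It keeps a conservative running estimate of the entropy credited
// to the samples and refuses to emit a seed until enough has been gathered,
// which is the property that separates a usable noise source from a
// guessable one.
type Pool struct {
	state       hash.Hash // SHA-256 over every sample mixed in so far
	entropyBits float64   // entropy credited since the last seed was emitted
	outputs     uint64    // counter separating successive seeds
}

const seedBits = 256 // entropy required before a 32-byte seed is released

func NewPool() *Pool { return &Pool{state: sha256.New()} }

// AddSample mixes one raw noise sample into the pool. creditBits is the
// caller's conservative estimate of the entropy in that sample (for
// example 1 bit for the low bits of an interrupt interval); the pool never
// credits more than the sample's length in bits.
func (p *Pool) AddSample(sample []byte, creditBits float64) {
	p.state.Write(sample)
	if limit := float64(len(sample) * 8); creditBits > limit {
		creditBits = limit
	}
	p.entropyBits += creditBits
}

// EntropyBits reports the entropy credited since the last seed.
func (p *Pool) EntropyBits() float64 { return p.entropyBits }

// Seed returns a 32-byte seed once at least seedBits of entropy have been
// credited, then resets the credit so the next seed needs fresh noise.
// The seed is a hash of the pool digest and an output counter, so the raw
// samples are never exposed and successive seeds are distinct.
func (p *Pool) Seed() ([]byte, error) {
	if p.entropyBits < seedBits {
		return nil, fmt.Errorf("insufficient entropy: %.0f of %d bits", p.entropyBits, seedBits)
	}
	p.outputs++
	var ctr [8]byte
	binary.BigEndian.PutUint64(ctr[:], p.outputs)
	out := sha256.New()
	out.Write(p.state.Sum(nil)) // Sum does not reset the running state
	out.Write(ctr[:])
	p.entropyBits = 0
	return out.Sum(nil), nil
}

// interruptIntervals is a constructed stand-in for timing noise; a real
// collector would read a high-resolution clock on each interrupt.
func interruptIntervals(n int) [][]byte {
	samples := make([][]byte, n)
	for i := range samples {
		var b [4]byte
		binary.BigEndian.PutUint32(b[:], uint32(1000+(i*7919)%1013))
		samples[i] = b[:]
	}
	return samples
}

func main() {
	p := NewPool()
	for k, s := range interruptIntervals(300) {
		p.AddSample(s, 1) // credit only 1 bit per 32-bit interval (assumed)
		if (k+1)%100 == 0 {
			seed, err := p.Seed()
			if err != nil {
				fmt.Printf("after %d samples: refused (%v)\n", k+1, err)
				continue
			}
			fmt.Printf("after %d samples: seed %x\n", k+1, seed)
		}
	}
}
```

The entropy estimate is what matters: the hash makes the output look uniform whatever goes in, so a pool that hashes a few predictable timestamps produces a seed that looks perfect and is still guessable. Crediting far less than the sample size, and resetting the credit after each output, is what forces the pool to wait for real noise.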

One cryptographic pseudo-random number generator is Yarrow by Counterpane. The ANSI X9.17 standard defines another, based on the triple-DES encryption algorithm; it is widely used and has been FIPS-approved by the US government. Another well-known pseudo-random number generator, used for example to produce DSA private keys, is defined in the FIPS 186 standard. A good starting point for further material on (statistical) pseudo-random number generators is the pLab site. Any cryptographically good pseudo-random number generator should pass all the basic tests for statistical randomness.
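The X9.17 generator and the closing sentence about statistical tests, as one added example that is not the page's code nor any standard's reference implementation: the generator in Go on top of `crypto/des`, following the X9.17 recurrence I = E_K(D), R = E_K(I xor V), V' = E_K(R xor I), with the SP 800-22 frequency (monobit) test run over its output. The key and seed are constructed, the date/time input is a counter standing in for a real clock, and the type and function names are illustrative. The construction is shown because the page describes it; NIST has since disallowed the X9.17/X9.31 generators in favour of the SP 800-90A DRBGs, so it belongs in a reading of legacy systems, not in new designs.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// X917 is the ANSI X9.17 generator: a secret triple-DES key K, a secret
// 8-byte seed V, and a fresh 8-byte date/time value D for every output.
// Each step computes I = E_K(D), R = E_K(I xor V), V' = E_K(R xor I) and
// returns R.
type X917 struct {
	block cipher.Block
	v     [8]byte // current seed V, replaced after every output
}

// NewX917 takes a 24-byte triple-DES key and an 8-byte initial seed.
func NewX917(key, seed []byte) (*X917, error) {
	if len(seed) != des.BlockSize {
		return nil, errors.New("seed must be 8 bytes")
	}
	block, err := des.NewTripleDESCipher(key)
	if err != nil {
		return nil, err
	}
	g := &X917{block: block}
	copy(g.v[:], seed)
	return g, nil
}

func xor8(a, b [8]byte) (out [8]byte) {
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// Next returns one 8-byte output block R for the date/time value d and
// advances the internal seed V.
func (g *X917) Next(d [8]byte) [8]byte {
	var i, r, t [8]byte
	g.block.Encrypt(i[:], d[:]) // I = E_K(D)
	t = xor8(i, g.v)
	g.block.Encrypt(r[:], t[:]) // R = E_K(I xor V)
	t = xor8(r, i)
	g.block.Encrypt(g.v[:], t[:]) // V' = E_K(R xor I)
	return r
}

// Bytes concatenates n output blocks, using a counter as the date/time
// input (a constructed stand-in for a real clock).
func (g *X917) Bytes(n int) []byte {
	out := make([]byte, 0, n*des.BlockSize)
	for k := 0; k < n; k++ {
		var d [8]byte
		binary.BigEndian.PutUint64(d[:], uint64(k))
		r := g.Next(d)
		out = append(out, r[:]...)
	}
	return out
}

// MonobitP is the SP 800-22 frequency (monobit) test: the p-value for the
// hypothesis that ones and zeros are equally likely. Below 0.01 the
// sequence fails; a cryptographic generator should pass this comfortably.
func MonobitP(data []byte) float64 {
	n := len(data) * 8
	sum := 0
	for _, b := range data {
		for k := 0; k < 8; k++ {
			if (b>>k)&1 == 1 {
				sum++
			} else {
				sum--
			}
		}
	}
	sObs := math.Abs(float64(sum)) / math.Sqrt(float64(n))
	return math.Erfc(sObs / math.Sqrt2)
}

func main() {
	// Constructed key and seed; a deployment draws both from an entropy source.
	key := make([]byte, 24)
	for i := range key {
		key[i] = byte(i)
	}
	seed := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef}
	g, err := NewX917(key, seed)
	if err != nil {
		panic(err)
	}
	out := g.Bytes(1000)
	fmt.Printf("first block %x, monobit p-value %.3f\n", out[:8], MonobitP(out))
}
```

The monobit test is a sanity check, not evidence of strength: an all-zero stream fails it and a generator with a known key passes it, which is the point of the page's last sentence. Passing the statistical tests is necessary for a cryptographic generator, never sufficient; the secrecy of K and V is what the security rests on.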