Recently the eccentric security researcher Michal Zalewski published his first book,
entitled Silence on the
Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks.
Because the book is everything except a security manual, ONLamp’s Federico Biancuzzi
chose to interview Michal and learn more about his curious approach to
information security. Among other things, they discussed the need for
randomness, how a hacker mind works, unconventional uses for search engines
such as Google, and applying AI to security tools.
That’s a wonderful book. If you’re really interested in computer security, if it’s your passion, then this book is a must read! I greatly enjoyed it.
What an honest and straightforward interview. The book sounds interesting, I will have to check it out some time.
It might be of interest that VIA’s latest x86 chips have on-die random number generator:
http://www.via.com.tw/en/initiatives/padlock/hardware.jsp
Computers need to be able to generate truly unpredictable numbers for various purposes–implementing cryptography is a prominent example.
What workarounds are available? I beliebe PGP uses “random” mouse movements or keyboard hits to generate “random” numbers. Is this a good alternative?
Are there better solutions? E.g. specialized hardware or something?
Yes PGP does use mouse capture as a random source during the creation of encrypted disk.
I often use R250 which supposedly would take many universe lifetimes to repeat a sequence. It takes about 3ns per word (xp2400). Sometimes simple PRNGs are ideal too even if predicable, sometimes thats good enough in some apps to make a counter look more random.
Ofcourse Knuth and others cover the field pretty well.
JJ