Re: Wanted: Secure-delete utility for Linux

tytso@mit.edu
Thu, 31 Dec 1998 17:39:02 -0500


Date: Thu, 24 Dec 1998 09:01:59 EST
From: Kev <klmitch@MIT.EDU>

Here's an idea for what I think will be a relatively secure PRNG (but
I'm not a cryptographer): Take 2 values generated in a secure manner,
storing one of them in memory. Perform a cryptographic hash over these
two values; use the results as your first random value. When you need
another random value, perform another cryptographic hash over the first
value, which you saved, and the last generated value.

Properties I see here:

* Because you're using cryptographic hashes, you cannot easily recover
a previous value in the sequence given a later value.
* Because you're performing the hashes with an unknown value in
addition to previous values of the sequence, it is difficult to
predict later values in the sequence.

Of course, this relies on the security of the hash you choose, and the
source of your initial random values also needs to be very secure;
knowledge of the seed would still give away the whole sequence.

Follow-ups should go to a more appropriate forum, but at least a
cryptography discussion is more on-topic than all of the
GPL/license/RMS_ego flaming that's been going on....

As long as "the first value, which you saved", is not the first random
value, but one of the two values generated in a secure fashion, this is
mostly secure, as long as the the values are large enough --- i.e., at
least 64-128 bits long.

A much simpler way of generating a secure PRNG is to generate 128 bits
of good random bits, and use that as the input to a hash function. To
generate successive values of the PRNG, simply increment the 128 bit
value and hash the resulting counter.

- Ted

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/