At Black Hat USA 2015, I gave a briefing on entropy use and management in the Linux kernel, along with Bruce Potter, CTO of KEYW Corporation.
You need random numbers to do many things on modern computers. For instance, all the cryptography that secures your web transactions is powered by random numbers. This cryptography means that only Amazon can use your credit card details and that only you can tell your bank to transfer money out of your account. But random numbers are hard to come by on a computer. Computers are, by nature, pretty deterministic machines.
You can generate mostly random numbers by things like measuring temperature very accurately and looking only at the last decimal place, which fluctuates a lot. Or measuring the RF radiation passing by, and again, looking only at the last decimal place. Your computer generates mostly random numbers by looking at the time that various things happen – you press a key on the keyboard, a packet arrives on the network – and looking only at the last decimal place of the time that that even happen.
Your computer takes those mostly random numbers, mixes them into an “entropy pool”, and uses it as a seed for a pseudo-random number generator. The pseudo-random number generator creates a long stream of numbers that look random, that cannot be distinguished from random, even though they are not random. And then your computer takes the output of the pseudo-random number generator and uses it for all its randomness needs.
This talk reports on a close examination of how random numbers are generated and used in Linux.
The talk is up on Youtube: Understanding and Managing Entropy Usage.
And so is an abstract and links to the white paper and slides.
While I’m here, I want to mention one of my favorite Black Hat talks from a couple of years ago: OPSEC Failure of Spies.
This is a 25-minute talk by a journalist named Matthew Cole. He discusses the unraveling of a CIA network in Italy based on cellphone metadata. Totally worth watching.