Pseudo Random Number Generators
A Pseudo Random Number Generator (PRNG) provides applications with a stream of numbers which have certain important properties for system security:
- It should be impossible for an outsider to predict the output of the random number generator even with knowledge of previous output.
- The generated numbers should not have repeating patterns which means the PRNG should have a very long cycle length.
A PRNG is normally just an algorithm where the same initial starting values will yield the same sequence of outputs. On a multiuser operating system there are many sources which allow seeding the PRNG with random data. The OpenBSD kernel uses the mouse interrupt timing, network data interrupt latency, inter-keypress timing and disk IO information to fill an entropy pool. Random numbers are available for kernel routines and are exported via devices to userland programs. So far random numbers are used in the following places:
- Dynamic sin_port allocation in bind(2).
- PIDs of processes.
- IP datagram IDs.
- RPC transaction IDs (XID).
- NFS RPC transaction IDs (XID).
- DNS Query-IDs.
- Inode generation numbers, see getfh(2) and fsirand(8).
- Timing perturbance in traceroute(8).
- Stronger temporary names for mktemp(3) and mkstemp(3)
- Randomness added to the TCP ISS value for protection against spoofing attacks.
- random padding in IPsec esp_old packets.
- To generate salts for the various password algorithms.
- For generating fake S/Key challenges.
- In isakmpd(8) to provide liveness proof of key exchanges.