HP-UX Strong Random Number Generator vB.11.11.07 Product Note

1 HP-UX Strong Random Number Generator
What is HP-UX Strong Random Number Generator?
HP-UX Strong Random Number Generator (KRNG11i Version B.11.11.07) provides a secure, non-reproducible source of true random numbers for applications with strong security requirements, such as generating encryption keys. Generating encryption keys from a non-random source is a security risk that this product removes. The /dev/random and /dev/urandom special files are created during product installation. When configured to use these special files, applications such as SSH have a more secure environment for performing cryptographic computations.

The /dev/random and /dev/urandom files created by KRNG11i allow the read(2) system call to retrieve strong random binary sequences of up to 256 bytes. This interface is compatible with that provided by the Linux /dev/random and /dev/urandom special files.
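The following is an added example, not HP's code, showing how a caller should consume the read(2) interface described above: it requests no more than 256 bytes per read(2) call, the limit the note states, and loops over short reads and EINTR until the caller's buffer is full. It assumes a POSIX open(2)/read(2) interface; the device path is passed in by the caller.

```c
/* Added example (not HP's code): fill a buffer from the KRNG11i device with
 * read(2), asking for at most 256 bytes per call (the per-read limit stated
 * in the note) and looping over short reads and EINTR until the buffer is
 * full. Assumes a POSIX open(2)/read(2) interface; the path is a parameter. */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define KRNG_MAX_READ 256   /* most bytes one read(2) on /dev/random returns */
/* Returns 0 when buf[0..len) is filled from dev, -1 with errno set on error. */
int fill_random(const char *dev, unsigned char *buf, size_t len)
{
    int fd = open(dev, O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        size_t want = len - got;
        if (want > KRNG_MAX_READ)
            want = KRNG_MAX_READ;       /* never request more than the cap */
        ssize_t n = read(fd, buf + got, want);
        if (n < 0 && errno == EINTR)
            continue;                   /* interrupted by a signal: retry */
        if (n <= 0) {                   /* read error, or an EOF that must not occur */
            int saved = (n == 0) ? EIO : errno;
            close(fd);
            errno = saved;
            return -1;
        }
        got += (size_t)n;               /* short reads are normal: keep going */
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char key[32];              /* one 256-bit key, drawn through the loop */
    if (fill_random("/dev/random", key, sizeof key) != 0) {
        perror("fill_random");
        return 1;
    }
    for (size_t i = 0; i < sizeof key; i++)
        printf("%02x", key[i]);
    putchar('\n');
    return 0;
}
```

A buffer larger than 256 bytes (a key plus IV, or a seed for a userland DRBG) is assembled by the loop; an application that issues a single read(2) for the whole buffer and ignores the return value silently uses a partly filled buffer.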
The following are the features and benefits offered by HP-UX Strong Random Number Generator:

Cryptographic Strength
For a strong random number generator, a source of informational entropy must be tapped to obtain random sequences. Many experts hold that true random numbers cannot be generated mathematically, as pseudo-random number generators seeded with clock times attempt to do. Empirical studies show that there is an element of randomness in the completion times of external interrupts (disk, network, clock wakeups, and so on) when those completion times are measured with sub-microsecond granularity. The sub-microsecond region of the timings can be used to generate a bit sequence that, over time, appears indistinguishable from a true random sequence.

Security
A strong random number generator must not be influenced by, or provide any useful information to, an adversary attempting to guess its returned values. For this reason, the strong random number generator is contained entirely within the kernel domain and has no interfaces that permit modification of the binary sequences it provides. It does not store any data for initializing itself, and it provides no interfaces that permit modification of its internal state.

Performance
KRNG11i has negligible performance impact on other components such as the storage or networking subsystems.

Scalable from small to large
Generator output does not depend on the presence of local devices such as a mouse or keyboard.