1

When using CSPRNG (cryptographically secure pseudo-random number generation) functions, seeding is an important step. So what is the best way to seed a random number function?

Lithilion

1 Answer

2

As anywhere in engineering, there's no "unique" best way; there are always going to be tradeoffs between:

  • entropy of the source of randomness,
  • rate of the entropy (i.e. how many bits/second can you get?),
  • suitability of the source distribution,
  • computational resource and energy usage,
  • lack of side-channel attacks on the entropy generation,

and finally, and really not unimportant,

  • cost.

For example, if you had a truly random source of entropy that you could ask arbitrarily often per second, you'd need to do little CSPRNG – you'd basically have a CSRNG, nothing pseudo about that! All that the generation would do would be a bit of distribution shaping to get uniformly distributed bits, which is what most crypto algorithms need.

Now, since you don't have that, in general, you'd want a source that is

  • uncorrelated, actually even
  • unpredictable,
  • unmanipulatable, and
  • doesn't have any side effects, neither whether it's currently working, nor about the random data it's producing.

As such, high-quality sources used where it actually matters are often of a quantum nature: spontaneous emissions of photons in excited matter, often.

However, as anything, "the best possible" will set you back a couple thousand dollars, not fit in your rack server, laptop or smartphone, and actually be resistant to ... no attack anyone would ever try to do, realistically.

So, as always: Model your threats. Then define the number of truly random bits per second you'll need. See whether built-in methods (CPUs these days have truly random number generation – is that enough for you, assuming that you can isolate that CPU well enough to make any kind of side channel attack impossible?), together with state-of-the-art entropy pools, suffice. For all things I can imagine, Linux's /dev/urandom, using the ChaCha20 algorithm on such hardware sources, is cryptographically secure!

Marcus Müller
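An added worked example in Python (not from the question or the answer above) illustrating two points the answer makes: the "distribution shaping" needed to turn a raw, biased hardware bit stream into uniform seed bits, and how the source's bias sets the raw bit rate you must budget for a 256-bit seed. The biased source is a constructed simulation, not a real entropy source, and all function names are this example's own; the last helper shows the practical route the answer recommends, taking the seed from the kernel CSPRNG behind /dev/urandom.

```python
import math
import os
import random
from typing import Iterable, List

SEED_BITS = 256  # what a 256-bit CSPRNG key/seed needs


def min_entropy_per_bit(p_one: float) -> float:
    """Min-entropy in bits of one raw bit from a source that emits 1 with probability p_one."""
    return -math.log2(max(p_one, 1.0 - p_one))


def raw_bits_needed(p_one: float, seed_bits: int = SEED_BITS) -> int:
    """Raw bits to collect before a hashed-down seed carries seed_bits of min-entropy (the rate tradeoff)."""
    return math.ceil(seed_bits / min_entropy_per_bit(p_one))


def von_neumann_debias(bits: Iterable[int]) -> List[int]:
    """Distribution shaping for an independent but biased source: read non-overlapping
    pairs, emit 0 for (0,1) and 1 for (1,0), discard (0,0) and (1,1)."""
    out, first = [], None
    for b in bits:
        if first is None:
            first = b
            continue
        if first != b:
            out.append(first)
        first = None
    return out


def bits_to_bytes(bits: List[int]) -> bytes:
    """Pack bits MSB-first into bytes; a trailing partial byte is dropped."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits) - len(bits) % 8, 8))


def seed_from_biased_source(raw_bits: Iterable[int], seed_bits: int = SEED_BITS) -> bytes:
    """Debias raw source bits and cut a seed; fails closed if the source ran short."""
    unbiased = von_neumann_debias(raw_bits)
    if len(unbiased) < seed_bits:
        raise RuntimeError(f"only {len(unbiased)} unbiased bits, need {seed_bits}")
    return bits_to_bytes(unbiased[:seed_bits])


def simulated_biased_source(n: int, p_one: float, demo_seed: int = 0) -> List[int]:
    """Constructed stand-in for a raw hardware bit stream (demo input only, NOT an entropy source)."""
    rng = random.Random(demo_seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def os_seed(nbytes: int = 32) -> bytes:
    """The practical choice the answer recommends: seed from the kernel CSPRNG behind /dev/urandom."""
    return os.urandom(nbytes)
```

Note that von Neumann debiasing only yields uniform output when consecutive raw bits are independent; a correlated source needs a proper conditioner (a hash-based one, for which raw_bits_needed gives the budget).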