updates.

[website.git] / docs / toolkit / manual / silcrng_intro.html

<html>
<head>
 <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-a" />
 <meta http-equiv="Content-Language" content="en" />
 <meta name="description" content="SILC Secure Internet Live Conferencing" />
 <meta name="keywords" content="SILC, secure, chat, protocol, cipher, encrypt, SKE" />
 <meta content="INDEX, FOLLOW" name="ROBOTS" />
 <style type="text/css">
  <!--
  body { color: #000000; background: #f0f0f0; font-family: Helvetica, Arial, Sans-serif; }
  a:link { text-decoration: none; color: #2f488f; }
  a:visited { text-decoration: none;color: #2f488f; }
  a:active { text-decoration: none; color: #2f488f; }
  -->
 </style>
</head>

<body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0">

<table border="0" cellspacing="0" cellpadding="6" width="100%">
 <tr valign="top" bgcolor="#dddddd">
  <td><small>Copyright &copy; 2001 - 2007 SILC Project<br />
    <a href="http://silcnet.org">SILC Project Website</a></small></td>
  <td align="right"><small>
   <a href="index.html">SILC Toolkit Reference Manual</a><br />
   <a href="toolkit_index.html">Index</a></small></td>
   </small></td>
 </tr>
</table>
<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr bgcolor="#444444"><td><img src="space.gif" width="1" height="1"border="0" alt="" ></td></tr>
</table>

<table cellpadding="0" cellspacing="0" border="0">
 <tr valign="top">

  <td width="200" bgcolor="#f0f0f0">
   <img src="space.gif" width="1" height="1" border="0" alt="">
   <table width="100%" cellpadding="2" cellspacing="2" border="0">
    <tr valign="top"><td>
<br />
<small>
<!-- Template file for the big index that appears in the Toolkit reference
manual on the left side.  With this file it is possible to add other than
automatically generated links to that list. -->

<a href="index.html"><img src="box.gif" border="0" alt="">SILC Toolkit Reference Manual</a><br />


<a href=silccryptlib.html><img src=box.gif border=0 alt=>SILC Crypto Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcrng_intro.html><img src=box2.gif border=0 alt=>Introduction to SILC RNG</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcrng.html><img src=box2.gif border=0 alt=>SILC RNG Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silccipher.html><img src=box2.gif border=0 alt=>SILC Cipher API</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcpkcs.html><img src=box2.gif border=0 alt=>SILC PKCS API</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcpk.html><img src=box2.gif border=0 alt=>SILC Public Key API</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcpkcs1.html><img src=box2.gif border=0 alt=>SILC PKCS #1 API</a><br />
&nbsp;&nbsp;&nbsp; <a href=silchash.html><img src=box2.gif border=0 alt=>SILC Hash Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silchmac.html><img src=box2.gif border=0 alt=>SILC HMAC Interface</a><br />
<a href=silccorelib.html><img src=box.gif border=0 alt=>SILC Core Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcauth.html><img src=box2.gif border=0 alt=>SILC Authentication Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmessage.html><img src=box2.gif border=0 alt=>SILC Message Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcchannel.html><img src=box2.gif border=0 alt=>SILC Channel Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silccommand.html><img src=box2.gif border=0 alt=>SILC Command Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcnotify.html><img src=box2.gif border=0 alt=>SILC Notify Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcstatus.html><img src=box2.gif border=0 alt=>SILC Status Types</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmode.html><img src=box2.gif border=0 alt=>SILC Modes</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcid.html><img src=box2.gif border=0 alt=>SILC ID Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcargument.html><img src=box2.gif border=0 alt=>SILC Argument Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcattrs.html><img src=box2.gif border=0 alt=>SILC Attributes Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcpacket.html><img src=box2.gif border=0 alt=>Packet Engine Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcpubkey.html><img src=box2.gif border=0 alt=>SILC Public Key Payload Interface</a><br />
<a href=silcskelib.html><img src=box.gif border=0 alt=>SILC Key Exchange Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcske.html><img src=box2.gif border=0 alt=>SILC SKE Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcconnauth.html><img src=box2.gif border=0 alt=>SILC Connection Authentication Interface</a><br />
<a href=silcvcardlib.html><img src=box.gif border=0 alt=>SILC VCard Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcvcard.html><img src=box2.gif border=0 alt=>SILC VCard Interface</a><br />
<a href=silcmathlib.html><img src=box.gif border=0 alt=>SILC Math Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmp.html><img src=box2.gif border=0 alt=>SILC MP Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmath.html><img src=box2.gif border=0 alt=>SILC Math Interface</a><br />
<a href=silcclientlib.html><img src=box.gif border=0 alt=>SILC Client Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcclient_using.html><img src=box2.gif border=0 alt=>Using SILC Client Library Tutorial</a><br />
&nbsp;&nbsp;&nbsp; <a href=command_reply_args.html><img src=box2.gif border=0 alt=>Arguments for <b>command_reply</b> Client Operation</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcstatus_args.html><img src=box2.gif border=0 alt=>SilcStatus Error Arguments in <b>command_reply</b> Client Operation</a><br />
&nbsp;&nbsp;&nbsp; <a href=notifyargs.html><img src=box2.gif border=0 alt=>Arguments for <b>notify</b> Client Operation</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcclient_unicode.html><img src=box2.gif border=0 alt=>Unicode and UTF-8 Strings in Client Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcclient.html><img src=box2.gif border=0 alt=>Client Library Interface Reference</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcclient_entry.html><img src=box2.gif border=0 alt=>Client Entry Interface Reference</a><br />
<a href=silcasn1lib.html><img src=box.gif border=0 alt=>SILC ASN.1 Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcasn1.html><img src=box2.gif border=0 alt=>SILC ASN.1 Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcber.html><img src=box2.gif border=0 alt=>SILC BER interface</a><br />
<a href=silchttplib.html><img src=box.gif border=0 alt=>SILC HTTP Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silchttpserver.html><img src=box2.gif border=0 alt=>SILC HTTP Server Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silchttpphp.html><img src=box2.gif border=0 alt=>SILC HTTP PHP Translator</a><br />
<a href=silcutillib.html><img src=box.gif border=0 alt=>SILC Utility Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silctypes.html><img src=box2.gif border=0 alt=>Basic Types and Definitions</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcbuffer.html><img src=box2.gif border=0 alt=>Data Buffer Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcbuffmt.html><img src=box2.gif border=0 alt=>Data Buffer Format Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silchashtable.html><img src=box2.gif border=0 alt=>Hash Table Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmemory.html><img src=box2.gif border=0 alt=>Memory Allocation Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcstack.html><img src=box2.gif border=0 alt=>Data Stack (memory pool) Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcfsm.html><img src=box2.gif border=0 alt=>Finite State Machine Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcthread.html><img src=box2.gif border=0 alt=>Thread Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmutex.html><img src=box2.gif border=0 alt=>Mutual Exclusion Lock Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silccond.html><img src=box2.gif border=0 alt=>Condition Variable Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcatomic.html><img src=box2.gif border=0 alt=>Atomic Operations Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcnet.html><img src=box2.gif border=0 alt=>Network (TCP and UDP) Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcschedule.html><img src=box2.gif border=0 alt=>Scheduler Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcasync.html><img src=box2.gif border=0 alt=>Asynchronous Operation Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcstream.html><img src=box2.gif border=0 alt=>Abstract Stream Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcsocketstream.html><img src=box2.gif border=0 alt=>Socket Stream Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcfdstream.html><img src=box2.gif border=0 alt=>File Descriptor Stream Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcfileutil.html><img src=box2.gif border=0 alt=>File Utility Functions</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcstrutil.html><img src=box2.gif border=0 alt=>String Utility Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcsnprintf.html><img src=box2.gif border=0 alt=>Snprintf Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcutf8.html><img src=box2.gif border=0 alt=>UTF-8 String Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcstringprep.html><img src=box2.gif border=0 alt=>Stringprep Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcutil.html><img src=box2.gif border=0 alt=>Utility Functions</a><br />
&nbsp;&nbsp;&nbsp; <a href=silclist.html><img src=box2.gif border=0 alt=>List Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcdlist.html><img src=box2.gif border=0 alt=>Dynamic List Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcmime.html><img src=box2.gif border=0 alt=>MIME Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silctime.html><img src=box2.gif border=0 alt=>Time Utility Functions</a><br />
&nbsp;&nbsp;&nbsp; <a href=silclog.html><img src=box2.gif border=0 alt=>Logging Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcconfig.html><img src=box2.gif border=0 alt=>Config File Interface</a><br />
<a href=silcskrlib.html><img src=box.gif border=0 alt=>SILC Key Repository Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcskr.html><img src=box2.gif border=0 alt=>SILC SKR Interface</a><br />
<a href=silcaputillib.html><img src=box.gif border=0 alt=>SILC Application Utility Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcapputil.html><img src=box2.gif border=0 alt=>SILC Application Utilities</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcidcache.html><img src=box2.gif border=0 alt=>SILC ID Cache Interface</a><br />
<a href=silcsftplib.html><img src=box.gif border=0 alt=>SILC SFTP Library</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcsftp.html><img src=box2.gif border=0 alt=>SILC SFTP Interface</a><br />
&nbsp;&nbsp;&nbsp; <a href=silcsftp_fs.html><img src=box2.gif border=0 alt=>SFTP Filesystems Interface</a><br />

<br />
<b>Resource Links</b>
<br />
<a href="http://silcnet.org"><img src="box.gif" border="0" alt="">SILC Project Website</a><br />
<a href="http://silcnet.org/support/documentation/"><img src="box.gif" border="0" alt="">SILC Protocol Documentation</a><br />
<a href="http://silcnet.org/support/documentation/wp/"><img src="box.gif" border="0" alt="">SILC White Paper</a><br />
<a href="http://silcnet.org/support/faq/"><img src="box.gif" border="0" alt="">SILC FAQs</a><br />

</small>
<br /><br /><br /><br />
    </td></tr>
   </table>
  </td>

  <td bgcolor="#cccccc" background="dot.gif">
   <img src="space.gif" width="1" height="1" border="0" alt=""></td>

  <td width="720" bgcolor="#ffffff">
   <img src="space.gif" width="1" height="1" border="0" alt="">
   <table cellpadding="2" cellspacing="6" width="100%">
    <tr><td valign="top">
<br />
<big><b>Introduction to Random Number Generator</b></big>

<br />&nbsp;<br />&nbsp;<br />
<b>Overview</b>

<br />&nbsp;<br />
SILC Random Number Generator is cryptographically strong pseudo random
number generator. It is used to generate all the random numbers needed
in the SILC sessions. All key material and other sources needing random
numbers use this generator.

<br />&nbsp;<br />
The RNG has a random pool of 1024 bytes of size that provides the actual
random numbers for the application. The pool is initialized when the
RNG is allocated and initialized with silc_rng_alloc and silc_rng_init
functions, respectively. 


<br />&nbsp;<br />&nbsp;<br />
<b>Random Pool Initialization</b>

<br />&nbsp;<br />
The RNG's random pool is the source of all random output data. The pool is
initialized with silc_rng_init and application can reseed it at any time
by calling the silc_rng_add_noise function.

<br />&nbsp;<br />
The initializing phase attempts to set the random pool in a state that it
is impossible to learn the input data to the RNG or any random output
data. This is achieved by acquiring noise from various system sources. The
first source is called to provide "soft noise". This noise is various
data from system's processes. The second source is called to provide
"medium noise". This noise is various output data from executed commands.
Usually the commands are Unix `ps' and `ls' commands with various options.
The last source is called to provide "hard noise" and is noise from
system's /dev/random, if it exists.


<br />&nbsp;<br />&nbsp;<br />
<b>Stirring the Random Pool</b>

<br />&nbsp;<br />
Every time data is acquired from any source, the pool is stirred. The
stirring process performs an CFB (cipher feedback) encryption with SHA1
algorithm to the entire random pool. First it acquires an IV (Initial
Vector) from the constant (random) location of the pool and performs
the first CFB pass. Then it acquires a new encryption key from variable
location of the pool and performs the second CFB pass. The encryption
key thus is always acquired from unguessable data.

<br />&nbsp;<br />
The encryption process to the entire random pool assures that it is
impossible to learn the input data to the random pool without breaking the
encryption process. This would effectively mean breaking the SHA1 hash
function. The encryption process also assures that each random output from
the random pool is secured with cryptographically strong function, the
SHA1 in this case.

<br />&nbsp;<br />
The random pool can be restirred by the application at any point by
calling the silc_rng_add_noise function. This function adds new noise to
the pool and then stirs the entire pool.


<br />&nbsp;<br />&nbsp;<br />
<b>Stirring Thresholds</b>

<br />&nbsp;<br />
The random pool has two thresholds that controls when the random pool
needs more new noise and requires restirring. As previously mentioned, the
application may do this by calling the silc_rng_add_noise. However, the
RNG performs this also automatically.

<br />&nbsp;<br />
The first threshold gets soft noise from system and stirs the random pool.
The threshold is reached after 64 bits of random data has been fetched
from the RNG. After the 64 bits, the soft noise acquiring and restirring
process is performed every 8 bits of random output data until the second
threshold is reached.

<br />&nbsp;<br />
The second threshold gets hard noise from system and stirs the random
pool. The threshold is reached after 160 bits of random output. After the
noise is acquired (from /dev/urandom) the random pool is stirred and the
thresholds are set to zero. The process is repeated again after 64 bits of
output for first threshold and after 160 bits of output for the second
threshold.


<br />&nbsp;<br />&nbsp;<br />
<b>Internal State of the Random Pool</b>

<br />&nbsp;<br />
The random pool has also internal state that provides several variable
distinct points to the random pool where the data is fetched. The state
changes every 8 bits of output data and it is guaranteed that the fetched
8 bits of data is from distinct location compared to the previous 8 bits.
It is also guaranteed that the internal state never wraps before
restirring the entire random pool. The internal state means that the data
is not fetched linearly from the pool, eg. starting from zero and wrapping
at the end of the pool. The internal state is not dependent of any random
data in the pool. The internal states are initialized (by default the pool
is splitted to four different sections (states)) at the RNG
initialization phase. The state's current position is added linearly and
wraps at the the start of the next state. The states provides the distinct
locations.


<br />&nbsp;<br />&nbsp;<br />
<b>Security Considerations</b>

<br />&nbsp;<br />
The security of this random number generator, like of any other RNG's,
depends of the initial state of the RNG. The initial state of the random
number generators must be unknown to an adversary. This means that after
the RNG is initialized it is required that the input data to the RNG and
the output data to the application has no correlation of any kind that
could be used to compromise the acquired random numbers or any future
random numbers. 

<br />&nbsp;<br />
It is, however, clear that the correlation exists but it needs to be
hard to solve for an adversary. To accomplish this the input data to the
random number generator needs to be secret. Usually this is impossible to
achieve. That is why SILC's RNG acquires the noise from three different
sources and provides for the application an interface to add more noise at
any time. The first source ("soft noise") is known to the adversary but
requires exact timing to get all of the input data. However, getting only
partial data is easy. The second source ("medium noise") depends on the
place of execution of the application. Getting at least partial data is
easy but securing for example the user's home directory from outside access
makes it harder. The last source ("hard noise") is considered to be the
most secure source of data. An adversary is not considered to have any
access on this data. This of course greatly depends on the operating system.

<br />&nbsp;<br />
These three sources are considered to be adequate since the random pool is
relatively large and the output of each bit of the random pool is secured
by cryptographically secure function, the SHA1 in CFB mode encryption.
Furthermore the application may provide other random data, such as random
key strokes or mouse movement to the RNG. However, it is recommended that
the application would not be the single point of source for the RNG, in
either intializing or reseeding phases later in the session. Good solution
is probably to use both, the application's seeds and the RNG's own
sources, equally.

<br />&nbsp;<br />
The RNG must also assure that any old or future random numbers are not
compromised if an adversary would learn the initial input data (or any
input data for that matter). The SILC's RNG provides good protection for
this even if the some of the input bits would be compromised for old or
future random numbers. The RNG reinitalizes (reseeds) itself using the
thresholds after every 64 and 160 bits of output. This is considered to be
adequate even if some of the bits would get compromised. Also, the
applications that use the RNG usually fetches at least 256 bits from the
RNG. This means that everytime RNG is accessed both of the thresholds are
reached. This should mean that the RNG is never too long in an compromised
state and recovers as fast as possible.


<br />&nbsp;<br />&nbsp;<br />
<b>Caveat Windows Programmer</b>

<br />&nbsp;<br />
The caller must be cautios when using this RNG with native WIN32 system.
The RNG most likely is impossible to set in unguessable state just by
using the RNG's input data sources.  On WIN32 it is stronly suggested
that caller would add more random noise after the initialization of the
RNG using the silc_rng_add_noise function.  For example, random mouse
movements may be used.

<br /><br /><br /><br />
    </td></tr>
   </table>
  </td>

  <td bgcolor="#cccccc" background="dot.gif">
   <img src="space.gif" width="1" height="1" border="0" alt=""></td>

  <td width="180" bgcolor="#f0f0f0">
    <img src="space.gif" width="1" height="1" border="0" alt="">
    <table width="100%" cellpadding="4" cellspacing="0">
    <tr valign="top"><td>
<br />
<font face="Helvetica,Arial,Sans-serif" size="1">
</font>

<br /><br /><br /><br />
    </td></tr>
    </table>
  </td>
</tr>
</table>

<table border="0" cellspacing="0" cellpadding="0" width="100%">
<tr bgcolor="#444444"><td><img src="space.gif" width="1" height="1"border="0" alt="" ></td></tr>
</table>
<table border="0" cellspacing="0" cellpadding="6" width="100%">
 <tr valign="top" bgcolor="#dddddd">
  <td><small>Copyright &copy; 2001 - 2007 SILC Project<br />
    <a href="http://silcnet.org">SILC Project Website</a></small></td>
  <td align="right"><small>
   <a href="index.html">SILC Toolkit Reference Manual</a><br />
   <a href="toolkit_index.html">Index</a></small></td>
   </small></td>
 </tr>
</table>

</body>
</html>