Userspace entropy: You too can dabble in voodoo!

Userspace entropy: You too can dabble in voodoo!

By Dana Jacobsen (‎danaj‎) from PDX.pm
Date: Tuesday, 21 June 2016 13:30
Duration: 20 minutes
Target audience: Intermediate
Language: English
Tags: cpan csprng entropy prng rand random randomness voodoo


"Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin." (John von Neumann) As anyone who has perused the internet knows, the state of sin has a high population. The Math::TrulyRandom module was written in 1996 and continues to be recommended in the perl core documentation. The author of the underlying algorithm now disavows the method and calls it "voodoo entropy."

We need entropy to provide good seeds for random number generation. Bad seeding can ruin the best cryptography or scientific experiment. Most operating systems have since incorporated entropy generation into the kernel, with various methods to retrieve it, e.g. /dev/[u]random, arc4random, Win32 API. Sometimes we don't have access to this, which is where userspace entropy comes in.

This talk will go over the Math::TrulyRandom and Crypt::Random::TESHA2 modules; their history, purpose, and operation; methods for gathering entropy; O/S entropy methods; and hardware methods for generating entropy.

Dana Jacobsen is the author of the Crypt::Random::TESHA2 module as well as patches for the Math::TrulyRandom module.


Attended by: Dana Jacobsen (‎danaj‎), Todd Rinaldo (‎toddr‎), Steve Nolte (‎mcsnolte‎), James Lenz (‎Jim‎), gary, Matt Creenan, Dylan Hardison (‎dylan‎), Rish, brian carlson, Rob Schaber, Ben Tyler, Doug Bell (‎preaction‎), Jon Gentle (‎atrodo‎), Michael Hamlin (‎myrrhlin‎), Walt Mankowski (‎waltman‎), Ben Rosengart, Deven Corzine (‎deven‎), David Hand (‎Ptolemarch‎),