True Random Number Generation for "random" pattern

[OS_Law]

I know this will probably erupt into some kind of crypto flame war :roll: over true cryptographically secure PRNG for wiping purposes, but I suggest that the next version (if ever there will be one) include a client that polls either http://www.random.org or http://www.lavarnd.org for a TRUE random number seed (much the way that XP now polls the net for a timeserver to keep the system clock accurate), or if net access is unavailable for that system then it can fall back on the ISAAC method.

There is example code and clients at each of the above-listed sites so incorporating this feature should not be overly burdensome.

 

[garrett01]

While 'extra random' numbers is a good idea for the first few passes, It may actually be more secure to use the pattern of an existing dll or exe in the last passes i.e have a real data source as the final passes giving the drive the appearance of normal usage.

>>if ever there will be one
This is one of the features of the next release. Currently the user 'wants'
now exceed 8 A4 pages.


Garrett

 

[OS_Law]

next version

heh. Well, I'm glad to see that there's hope for a future update. It seems like a long time since the last one. . . I put this out there mainly because I saw on open flame war in an earlier post on just this subject and because I found two sites that gave code to obtain true random numbers - this would make it easier to implement. Also, it gives this OS project something to brag about over the commercial products which I don't believe offer this feature. In any event, polling for randoms would prob be faster than entropy polling.

It's clear that you've got lots of feature requests and lots to sort out. Everyone out here understands the difficulty of hosting a project like this and appreciates your efforts. Take care.

 

[Anonymous]

I suggest that the next version (if ever there will be one) include a client that polls either www.random.org or www.lavarnd.org for a TRUE random number seed

Umm, why? If there is enough entropy available from the system for generating encryption keys, there is more than enough for overwriting. Besides, if you download a bunch of random numbers from the web over an unencrypted connection, how is that better than using any other known data for seeding the generator?

Basically, random data from online sources might be good for statistical purposes, not necessarily for security.

if net access is unavailable for that system then it can fall back on the ISAAC method

Are you sure you have understood how the current PRNG works? ISAAC is always used for generating the data used for overwriting, mostly because it is one of the fastest cryptographically strong PRNGs available. How the ISAAC is seeded is entirely another matter. Currently, Eraser uses a cryptographically strong PRNG quite similar in design to the one in the GNU Privacy Guard for seeding the ISAAC generator and shuffling the order of overwriting passes.

I know this will probably erupt into some kind of crypto flame war

You have to understand that the chain is only as strong as its weakest link, and the PRNG is not the weakest link here by any standard.

It may actually be more secure to use the pattern of an existing dll or exe in the last passes

That's more like security through obscurity, no? I mean, it doesn't make it more difficult to recover the data, it is just done in hopes of fooling the attacker not to take a closer look.