[pycrypto] Use of Fortuna Algo / Seeding Randomness
Dwayne C. Litzenberger
dlitz at dlitz.net
Fri Jan 13 11:44:01 EST 2012
On Sat, Nov 19, 2011 at 09:21:43AM -0800, Ben Smith wrote:
>Hi Everyone -
>I'm new to this package, so I'm sure I'm just dumb and it is obvious how
>to do this. I want to use the fortuna algo in a simulation environment
>(economics if anyone cares), my particular problem I'm trying to solve
>would be biased using Mersenne twister (which seems to be the default
>everyone uses), and fortuna seems to be the best option given the aspects
>of randomness I care about for this problem.
>Anyhow, I want to seed fortuna with a file I have of atmospheric noise; I
>haven't been able to find a doc specifying how to do this.
There's no supported way of doing this in PyCrypto. The best way to do
this, on Linux, would be to just write the data to /dev/random (or install
the "entropy-gathering daemon") and just use Crypto.Random normally. You
won't be able to tell the difference (and if you do, it's a security hole
that should be disclosed!)
In theory, however, you could edit
Crypto/Random/_UserFriendlyRNG._EntropyCollector and add another
_EntropySource instance, then invoke the _EntropySource#feed method for
each atmospheric noise reading.
Fortuna's accumulator has 32 pools, and the idea is to spread the entropy
uniformly across these pools. This is ultimately done by invoking
FortunaAccumulator#add_random_event, which takes the following parameters:
1. A fixed number (from 0 to 255) that is unique for each entropy
source. PyCrypto selects numbers starting from 255, so I suggest
that you use numbers starting from 0.
2. Every time your entropy source invokes add_random_event, it should
increment this number, starting at 0, 1, ..., 31, and then wrapping
back to 0.
3. The bytes representing your random data.
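As an added illustration of those three parameters (my example, not PyCrypto's own code): a feeder that splits a noise file into readings and spreads them round-robin over the 32 pools with a low source number. The RecordingAccumulator is a hypothetical stand-in with the same add_random_event(source_number, pool_number, data) signature as PyCrypto's FortunaAccumulator, so the example runs without PyCrypto, and the noise bytes are constructed.

```python
from collections import defaultdict

NUM_POOLS = 32  # Fortuna's accumulator has 32 pools


class RecordingAccumulator:
    """Stand-in for FortunaAccumulator (hypothetical): validates and records
    events per pool so the feeding pattern can be checked offline."""

    def __init__(self):
        self.events = defaultdict(list)  # pool_number -> [(source, data)]

    def add_random_event(self, source_number, pool_number, data):
        if not 0 <= source_number <= 255:
            raise ValueError("source number must fit in one byte")
        if not 0 <= pool_number < NUM_POOLS:
            raise ValueError("pool number must be in 0..31")
        if not isinstance(data, bytes) or not data:
            raise ValueError("event data must be non-empty bytes")
        self.events[pool_number].append((source_number, data))


class EntropyFeeder:
    """Feeds one external entropy source into an accumulator."""

    def __init__(self, accumulator, source_number=0, chunk_size=32):
        # PyCrypto numbers its own sources downward from 255, so a
        # user-added source takes a low number (0 here).
        self.acc = accumulator
        self.source_number = source_number
        self.chunk_size = chunk_size
        self.pool_number = 0  # cycles 0, 1, ..., 31, then wraps to 0

    def feed(self, reading):
        """Add one reading, then advance to the next pool."""
        self.acc.add_random_event(self.source_number, self.pool_number, reading)
        self.pool_number = (self.pool_number + 1) % NUM_POOLS

    def feed_file(self, noise):
        """Split raw noise bytes into fixed-size readings; return the count."""
        count = 0
        for off in range(0, len(noise), self.chunk_size):
            self.feed(noise[off:off + self.chunk_size])
            count += 1
        return count


def pool_histogram(acc):
    """Number of events that landed in each pool."""
    return {pool: len(evts) for pool, evts in sorted(acc.events.items())}


# Constructed sample standing in for 2 KiB of an atmospheric-noise file.
SAMPLE_NOISE = bytes((i * 167 + 13) % 256 for i in range(2048))
```

With 2048 bytes and 32-byte readings the feeder emits 64 events, two per pool, and the pool counter wraps back to 0.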
Honestly, though, you should just use Crypto.Random as-is. If this is a
desktop computer with a keyboard and mouse, there's really no reason to
delve into the implementation of Crypto.Random. Your operating system
already has enough entropy to generate cryptographically-secure random
numbers that are indistinguishable from a truly random source.
Dwayne C. Litzenberger <dlitz at dlitz.net>
OpenPGP: 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7