[pycrypto] Use of Fortuna Algo / Seeding Randomness

Dwayne C. Litzenberger dlitz at dlitz.net
Fri Jan 13 11:44:01 EST 2012


On Sat, Nov 19, 2011 at 09:21:43AM -0800, Ben Smith wrote:
>Hi Everyone -
>
>I'm new to this package, so I'm sure I'm just dumb and it is obvious how 
>to do this.    I want to use the fortuna algo in a simulation environment 
>(economics if anyone cares), my particular problem I'm trying to solve 
>would be biased using Mersenne twister (which seems to be the default 
>everyone uses), and fortuna seems to be the best option given the aspects 
>of randomness I care about for this problem.
>
>Anyhow, I want to seed fortuna with a file I have of atmospheric noise; I 
>haven't been able to find a doc specifying how to do this.

There's no supported way of doing this in PyCrypto.  The best way to do 
this, on Linux, would be to just write the data to /dev/random (or install 
the "entropy-gathering daemon") and just use Crypto.Random normally.  You 
won't be able to tell the difference (and if you do, it's a security hole 
that should be disclosed!)

In theory, however, you could edit 
Crypto/Random/_UserFriendlyRNG._EntropyCollector and add another 
_EntropySource instance, then invoke the _EntropySource#feed method for 
each atmospheric noise reading.

Fortuna's accumulator has 32 pools, and the idea is to spread the entropy 
uniformly across these pools.  This is ultimately done by invoking 
FortunaAccumulator#add_random_event, which takes the following parameters:

     - source_number
         A fixed number (from 0 to 255) that is unique for each entropy 
         source.  PyCrypto selects numbers starting from 255, so I suggest 
         that you use numbers starting from 0.
     - pool_number
         Every time your entropy source invokes add_random_event, it should 
         increment this number, starting at 0, 1, ..., 31, and then wrapping 
         back to 0.
     - data
         The bytes representing your random data.

Honestly, though, you should just use Crypto.Random as-is.  If this is a 
desktop computer with a keyboard and mouse, there's really no reason to 
delve into the implementation of Crypto.Random.  Your operating system 
already has enough entropy to generate cryptographically-secure random 
numbers that are indistinguishable from a truly random source.

Cheers,
- Dwayne

-- 
Dwayne C. Litzenberger <dlitz at dlitz.net>
  OpenPGP: 19E1 1FE8 B3CF F273 ED17  4A24 928C EC13 39C2 5CF7
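As an added example (not code from the message above and not PyCrypto's own implementation), the following stand-alone Python models the feeding discipline Dwayne describes: a file of noise is cut into events, each event is tagged with a fixed source_number, and pool_number is rotated 0, 1, ..., 31 and wrapped so the entropy spreads evenly over the 32 pools. The class names FortunaPoolModel, FortunaAccumulatorModel and FileEntropySource are my own; the SHA-256d pool hashing and the 1-to-32-byte limit per event follow the published Fortuna design (Ferguson and Schneier) and are assumptions here, not something quoted from the email. It runs without PyCrypto installed.

```python
import hashlib


class FortunaPoolModel:
    """One Fortuna entropy pool (model, not PyCrypto's class).

    Every event is folded into a running SHA-256 state and the number of
    bytes received is counted, which is what a reseed uses to judge whether
    the pool holds enough material.
    """

    def __init__(self):
        self._hash = hashlib.sha256()
        self.length = 0

    def append(self, data):
        self._hash.update(data)
        self.length += len(data)

    def digest(self):
        # Fortuna reads pools out through SHA-256d (SHA-256 applied twice).
        return hashlib.sha256(self._hash.digest()).digest()


class FortunaAccumulatorModel:
    """Model of the accumulator; add_random_event mirrors the parameters
    named in the message: source_number, pool_number, data."""

    NUM_POOLS = 32
    MAX_EVENT_SIZE = 32  # assumption from the Fortuna design: 1..32 bytes per event

    def __init__(self):
        self.pools = [FortunaPoolModel() for _ in range(self.NUM_POOLS)]
        self.events_per_pool = [0] * self.NUM_POOLS

    def add_random_event(self, source_number, pool_number, data):
        if not 0 <= source_number <= 255:
            raise ValueError("source_number must be in 0..255")
        if not 0 <= pool_number < self.NUM_POOLS:
            raise ValueError("pool_number must be in 0..31")
        if not 1 <= len(data) <= self.MAX_EVENT_SIZE:
            raise ValueError("event data must be 1..32 bytes")
        pool = self.pools[pool_number]
        # Events are framed as: source byte, length byte, payload, so that
        # different sources cannot be confused for one another in the hash.
        pool.append(bytes([source_number]))
        pool.append(bytes([len(data)]))
        pool.append(data)
        self.events_per_pool[pool_number] += 1


class FileEntropySource:
    """Feeds a blob (e.g. a file of atmospheric noise) into the accumulator
    32 bytes at a time, rotating pool_number 0..31 and wrapping back to 0.
    This is the discipline the message recommends, written here as a model."""

    def __init__(self, accumulator, source_number):
        self.accumulator = accumulator
        self.source_number = source_number  # fixed per source; user sources start at 0
        self.next_pool = 0

    def feed(self, data):
        """Split data into events and spread them over the pools; returns the
        number of events delivered."""
        size = FortunaAccumulatorModel.MAX_EVENT_SIZE
        events = 0
        for offset in range(0, len(data), size):
            chunk = data[offset:offset + size]
            self.accumulator.add_random_event(self.source_number, self.next_pool, chunk)
            self.next_pool = (self.next_pool + 1) % FortunaAccumulatorModel.NUM_POOLS
            events += 1
        return events


def feed_noise_file(noise, source_number=0):
    """Convenience wrapper: build an accumulator, feed one blob of noise into
    it under the given source number, return (accumulator, event_count)."""
    acc = FortunaAccumulatorModel()
    source = FileEntropySource(acc, source_number)
    count = source.feed(noise)
    return acc, count


if __name__ == "__main__":
    # Constructed stand-in for a noise file: 64 distinct 32-byte blocks.
    sample = b"".join(hashlib.sha256(b"noise-sample-%d" % i).digest() for i in range(64))
    acc, n = feed_noise_file(sample, source_number=0)
    print("events delivered:", n)
    print("events per pool:", acc.events_per_pool)
```

With 2048 bytes of input the feeder delivers 64 events and every pool receives exactly two, which is the uniform spread the message asks for; a trailing partial block simply becomes a shorter final event. The validation in add_random_event is what keeps a user source from colliding with PyCrypto's own sources (which count down from 255) or from writing outside the 32 pools.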

