3

Hardware based random number generators (RNG) get their randomness from the noise around. Software based generators get this usually from user input, like moving the mouse over a screen (like TrueCrypt does).

What makes hardware RNGs safer (more random) than software based generators?

Eelke
  • https://security.stackexchange.com/questions/79275/are-humans-a-strong-or-weak-rng?rq=1 I haven't seen a table of the million most common wiggles, but I assume someone is working on it. –  May 22 '17 at 16:06
  • But if a wiggle is off by a few pixels it may lead to a totally different IV for the RNG. So brute-forcing the wiggle (from the most common gestures) may cost a heck of a lot of time – Eelke May 22 '17 at 16:13
  • What you describe (moving your mouse randomly to generate a number) is a hardware based RNG, the hardware doing the sampling is the mouse, the entropy is created by the monkey moving the mouse, and it might not be as random as you would want it to be. – daniel May 23 '17 at 12:27
  • 1
    @daniel While that's a valid way to think of it, it's not particularly useful. Ultimately everything is going to be hardware in the end. Spinning HD timing has physical arms with unpredictable seek times, networks have NICs with unpredictable packet arrival times, etc. Hardware RNGs are simply just simple random sources that are easier to understand, and more likely to predict the amount of entropy they produce. – Steve Sether May 23 '17 at 13:37
  • @SteveSether no software will always be software, even if it runs on hardware. You could consider software to be arithmetic and then I can justify using this quote "Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin." – daniel May 23 '17 at 13:53
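The mouse-wiggle harvesting the question and comments discuss, as an added example that is not part of the original post: it turns a trace of (x, y, t) samples into movement deltas, estimates their min-entropy with a most-common-value style estimator (the conservative estimator NIST SP 800-90B uses as one of its tests), refuses to derive a key until the estimate reaches 256 bits, and only then hashes the trace into a seed. Both traces are constructed here; the "varied" one is simulated with a seeded PRNG purely so the script is reproducible offline, and no real harvester would take its samples from a PRNG.

```python
import hashlib
import math
import random
import struct
from collections import Counter

# Constructed mouse samples, NOT captured input: each event is (x, y, t_ms).
# A lazy one-pixel back-and-forth wiggle at a fixed 8 ms sampling rate...
REPETITIVE = [(100 + (i % 2), 200, 1000 + 8 * i) for i in range(64)]


def _simulate_varied(n=64, seed=1234):
    """...versus a varied trace, simulated with a seeded PRNG only so the
    example is reproducible (a real harvester reads the mouse, not a PRNG)."""
    rng = random.Random(seed)
    x, y, t = 100, 200, 1000
    events = []
    for _ in range(n):
        x += rng.randint(-20, 20)
        y += rng.randint(-20, 20)
        t += rng.randint(5, 40)
        events.append((x, y, t))
    return events


VARIED = _simulate_varied()


def deltas(events):
    """Per-sample changes (dx, dy, dt). Absolute positions are largely
    predictable (the cursor starts wherever it was left), so the harvester
    should count the deltas, not the coordinates."""
    return [(x2 - x1, y2 - y1, t2 - t1)
            for (x1, y1, t1), (x2, y2, t2) in zip(events, events[1:])]


def min_entropy_per_sample(symbols):
    """Most-common-value estimate: H_min = -log2(p_max), with p_max the
    frequency of the most frequent symbol. It assumes independent samples,
    so it still overestimates strictly periodic input; treat it as a sanity
    bound, not a proof of randomness."""
    counts = Counter(symbols)
    p_max = max(counts.values()) / len(symbols)
    return -math.log2(p_max)


def total_entropy_bits(events):
    """Estimated min-entropy of the whole trace, in bits."""
    d = deltas(events)
    return min_entropy_per_sample(d) * len(d)


def enough_entropy(events, target_bits=256):
    """Gate checked before deriving a key: keep asking the user to wiggle
    until the estimate reaches the target (256 bits for a 256-bit key)."""
    return total_entropy_bits(events) >= target_bits


def seed_from_events(events):
    """Condense the raw trace into a 256-bit seed. Hashing never adds
    entropy; it only packs whatever the estimator says is there into a
    uniform-looking string, which is why enough_entropy() comes first."""
    h = hashlib.sha256()
    for x, y, t in events:
        h.update(struct.pack(">iii", x, y, t))
    return h.digest()


if __name__ == "__main__":
    for name, trace in (("repetitive", REPETITIVE), ("varied", VARIED)):
        print(name, round(total_entropy_bits(trace), 1), "bits,",
              "enough" if enough_entropy(trace) else "keep wiggling")
```

The repetitive wiggle produces only two distinct deltas, so 63 samples are worth roughly 62 bits by this estimate and the gate stays closed; the varied trace clears 256 bits comfortably. The estimate is what decides, not the length of the trace or the size of the hash output.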

2 Answers

4

To answer directly: the SW ones are based on computer algorithms that can be predictable or limited.

Read this comparison here with advantages and disadvantages. Generally, the average HW RNG is better compared to the average SW RNG.

But although HW RNG is called 'true' and SW RNG (being based on an algorithm) is called 'pseudo', I do not consider that a hardware RNG is always better.

In the case of hardware, it's all about how well the design is, how far does it go with the implementation and what else can affect the result.

In the case of user input, it becomes a matter of how well a user can randomize. A mouse-moving-based RNG can be better or worse compared to an average hardware one depending on user skill. Likewise, a hardware RNG can be better or worse than the average mouse-moving-based RNG depending on the skill of the HW designer.

Overmind
4

Software RNGs have an inner state that is updated by input noise. This state is also shuffled by retrieving values from the generator.

Basic hardware RNGs do not have an inner state. A good hardware generator will continuously seed a software RNG to avoid distribution problems and to avoid interference (the input noise might not be that random under an attack).

If the state of a software RNG leaks or is made public, it will not provide any randomness, because an attacker will be able to generate the same outputs. In this way, a hardware RNG is better because it doesn't have a state that can leak. For example, some software RNGs have a state that is initialized with public or poor data before they can gather enough noise. This is a problem with VMs that share the same initial state (avoid generating SSH or PGP keys on a VM). On the other hand, a basic hardware generator can, in theory, be influenced by its input.

A. Hersean
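The three points in this answer (a leaked state reproduces every output, VMs cloned from one image share a state, and continuous reseeding from a hardware source breaks the attacker's copy), illustrated in code. This is an added example, not the answerer's code: the ToyDRBG class, its hashing scheme and the sample seeds are constructed for illustration and are not NIST's Hash_DRBG or any real library's generator.

```python
import hashlib
import os


class ToyDRBG:
    """Stateful software generator, simplified for illustration (constructed
    for this example, not NIST's Hash_DRBG). Holds a 32-byte secret state;
    each output block is SHA-256(state || counter), and the state is ratcheted
    forward after every request so the pre-request state is discarded."""

    def __init__(self, seed: bytes):
        self.state = b""
        self.reseed(seed)

    @classmethod
    def from_state(cls, state: bytes):
        """Build a generator from a known internal state, which is what an
        attacker does after the state leaks (memory dump, swap, VM snapshot)."""
        g = cls.__new__(cls)
        g.state = state
        return g

    def reseed(self, entropy: bytes):
        """Mix fresh noise (e.g. from a hardware source) into the state. Anyone
        holding a copy of the old state can no longer follow the outputs."""
        self.state = hashlib.sha256(b"reseed|" + self.state + b"|" + entropy).digest()

    def random_bytes(self, n: int) -> bytes:
        out = b""
        counter = 0
        while len(out) < n:
            out += hashlib.sha256(b"out|" + self.state + counter.to_bytes(8, "big")).digest()
            counter += 1
        # Ratchet: the next state is a one-way function of the current one.
        self.state = hashlib.sha256(b"next|" + self.state).digest()
        return out[:n]


def shared_initial_state_problem(image_state=b"constructed: seed baked into VM image"):
    """Two VMs cloned from one image start from identical generator state and
    produce identical 'random' keys until each gathers its own fresh noise."""
    vm_a = ToyDRBG(image_state)
    vm_b = ToyDRBG(image_state)
    return vm_a.random_bytes(32) == vm_b.random_bytes(32)


def state_leak_then_reseed(noise_source=os.urandom):
    """Returns (attacker_matches_before_reseed, attacker_matches_after_reseed).
    noise_source stands in for the continuously sampled hardware RNG."""
    victim = ToyDRBG(noise_source(32))
    attacker = ToyDRBG.from_state(victim.state)   # the leak
    before = victim.random_bytes(16) == attacker.random_bytes(16)
    victim.reseed(noise_source(32))               # fresh hardware noise mixed in
    after = victim.random_bytes(16) == attacker.random_bytes(16)
    return before, after


def backtracking_resistance(seed=b"constructed seed"):
    """After a request the old state is gone, so a later leak of the current
    state does not let the attacker regenerate the earlier output."""
    g = ToyDRBG(seed)
    first = g.random_bytes(16)
    leaked_later = ToyDRBG.from_state(g.state)
    return leaked_later.random_bytes(16) != first


if __name__ == "__main__":
    print("cloned VMs agree on their key:", shared_initial_state_problem())
    print("attacker matches (before, after reseed):", state_leak_then_reseed())
    print("old output safe after later leak:", backtracking_resistance())
```

Two design choices carry the answer's argument: the state ratchet limits what a leak exposes to outputs produced after the leak, and reseeding from an independent noise source is the only thing that makes the attacker's copy diverge. Neither helps a VM whose first seed is baked into the image, which is why the answer says not to generate keys there until real noise has been gathered.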