Why random Matters

Edward Snowden, who really ought to know, says you can only trust the math. It is only the hard factorisation problem that keeps crpytography safe. That and the assumption that a really random number has been chosen.

Public Key explained

Diffie Helman key exchange / SSL

When Random goes wrong

cf Debian

Sources of entropy

Session Management - Keeping it simple

For many applications, a time-limited, shared secret over a secure channel is quite good enough for proving who the other end is - this is session management. And a shared secret is

SOme views from tpateck?

Timing Python Code

Python has a useful library for timing small or large functions - timeit.

Lets say we want to compare getting system random numbers to PRNG random numbers. Lets grab 10,000 random numbers, count how long it takes to grab them. That way I can know which is faster PRNG or real. (I think we can guess)

[pbrian@localhost chapters]$ python randomness.py

[0.47841713243204875, 0.9106930754528739, 0.10139849285025149] [0.47841713243204875, 0.9106930754528739, 0.10139849285025149] [0.00025916099548339844]

[0.6060143833031767, 0.6573259634008972, 0.586415954525388] [0.38238270018686693, 0.8731295368542729, 0.1982646979928232] [0.011247873306274414]

By my measures, 0.00862002372742 0.168267965317

PRNG is 20 times faster than system random. WHich for getting real randomness, is pretty good.

Getting estimates of entropy??

RSA explained https://en.wikipedia.org/wiki/RSA_(cryptosystem)#Example