All encryption algorithms, both symmetric and asymmetric, in use today are at some point based on truly random keys. An attacker should not be able to guess what passwords or cryptographic keys are used. The use of pseudo-random processes to generate secret quantities can result in pseudo-security. The sophisticated attacker of these security systems may find it easier to reproduce an approximation of the environment that produced the secret quantities, searching the resulting small set of possibilities, than to locate the quantities in the whole of the number space.

Choosing random quantities to foil a resourceful and motivated adversary is surprisingly difficult. This chapter describes some of the underlying theory and gives examples of possible random number sources.

Wed Apr 10 14:07:30 MET DST 1996