1 Overview The learning objective of this lab is for students to get familiar with the concepts of random numbers in Linux environment. After finishing the lab, students should be able to gain a first-hand experience on randomization. The virtual machine used in this lab can be found here https://seedsecuritylabs.org/lab_ env.html and the lab URL can be found http://www.cis.syr.edu/wedu/seed/Labs_12. 04/Crypto/Crypto_Encryption/ 2 Lab Tasks 2.1 Task 1: Pseudo Random Number Generation Generating random numbers is a quite common task in security software. In many cases, encryption keys are not provided by users, but are instead generated inside the software. Their randomness is extremely important; otherwise, attackers can predict the encryption key, and thus defeat the purpose of encryption. Many developers know how to generate random numbers (e.g. for Monte Carlo simulation) from their prior experiences, so they use the similar methods to generate the random numbers for security purpose. Unfortunately, a sequence of random numbers may be good for Monte Carlo simulation, but they may be bad for encryption keys. Developers need to know how to generate secure random numbers, or they will make mistakes. Similar mistakes have been made in some well-known products, including Netscape and Kerberos. In this task, students will learn a standard way to generate pseudo random numbers that are good for security purposes.

Task 1.A: Measure the Entropy of Kernel To generate good pseudo random numbers, we need to start with something that is random; otherwise, the outcome will be quite predictable. Software (i.e. in the virtual world) is not good at creating randomness, so most systems resort to the physical world to gain the randomness. Linux gains the randomness from the following physical resources: void add_keyboard_randomness(unsigned char scancode); void add_mouse_randomness(__u32 mouse_data); void add_interrupt_randomness(int irq); void add_blkdev_randomness(int major);

SEED Labs 2 The first two are quite straitforward to understand: the first one uses inter-keypress timing and scancode, and the second one uses mouse movement and interrupt timing . The third one gathers random numbers using the interrupt timing. Of course, not all interrupts are good sources of randomness. For example, the timer interrupt is not a good choice, because it is predictable. However, disk interrupts are a better measure. The last one measures the finishing time of block device requests. The randomness is measured using entropy, which is different from the meaning of entropy in the information theory. Here, it simply means how many bits of random numbers the system currently has. You can find out how much entropy the kernel has at the current moment using the following command. % cat /proc/sys/kernel/random/entropy_avail Please move and click your mouses, type somethings, and run the program again. Please describe your observation in your report.