Author

Topic: TrueCrypt Hardware RNG (Read 1407 times)

administrator
Activity: 5222
Merit: 13032
July 26, 2011, 03:04:08 AM
#7
So i can assume that truecrypt does not have any functionality built in to import a file with random data.

I'm pretty sure there is no such function.
legendary
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
July 26, 2011, 03:02:51 AM
#6
Is there such a thing? A hardware random number generator that can be used with truecrypt, or a way to import raw random data.
On Windows, TrueCrypt imports entropy from the system RNG. So long as your hardware RNG pushes entropy into the system pool. TrueCrypt will use it.

Per http://www.truecrypt.org/docs/?s=random-number-generator
"The pool, which is 320 bytes long, is filled with data from the following sources:  ... MS Windows only: MS Windows CryptoAPI (collected regularly at 500-ms interval)"

The MS Windows CryptoAPI source produces cryptographically-strong random numbers even without a hardware RNG. It is designed for exactly this purpose. TrueCrypt uses other sources as well just in case there's some defect in CryptoAPI (and to be assured of similar security properties across platforms), but no defect is known or suspected.

If you'd like to add randomness to the system source, you can easily do so, and TrueCrypt will get it. Just pass it to 'CryptGenRandom' as the auxiliary seed. If the file is large, you may just wish to pass a hash of it. I don't think there is any benefit to doing this, but you certainly can if you wish. Here's the basic code:

bool TradeEntropy(void *ptr, int len)
{ // Exchange some entropy with the CryptoAPI
 char namebuf[512];
 DWORD count = 500;
 
 HCRYPTPROV handle;
 
 if(!CryptGetDefaultProvider(PROV_RSA_FULL, NULL, CRYPT_MACHINE_DEFAULT,
                             namebuf, &count))
   // unable to get default provider
  return false;
 
 if(!CryptAcquireContext(&handle, NULL, namebuf, PROV_RSA_FULL,
                         CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
  // Unable to acquire provider
  return false;

 if(!CryptGenRandom(handle, len, (BYTE *) ptr))
 { // Could not exchange entropy
  CryptReleaseContext(handle, 0);
  return false;
 }
 
 CryptReleaseContext(handle, 0);
 return true;
}
sr. member
Activity: 350
Merit: 251
July 26, 2011, 02:46:05 AM
#5
So i can assume that truecrypt does not have any functionality built in to import a file with random data.
administrator
Activity: 5222
Merit: 13032
July 26, 2011, 02:17:46 AM
#4
TrueCrypt uses the system's random number generation facility, so on Linux you can just write to /dev/random.
sr. member
Activity: 350
Merit: 251
July 26, 2011, 12:27:58 AM
#3
yeah but how do you use it with truecrypt, i can make my own easily enough
legendary
Activity: 1148
Merit: 1001
Radix-The Decentralized Finance Protocol
July 26, 2011, 12:24:55 AM
#2
Is there such a thing? A hardware random number generator that can be used with truecrypt, or a way to import raw random data.

I have that hardware here right by me. Just tell me how long do you want the number to be and for a low fee I will provide you with a trully 100% guarantee random number. Wink
sr. member
Activity: 350
Merit: 251
July 26, 2011, 12:23:04 AM
#1
Is there such a thing? A hardware random number generator that can be used with truecrypt, or a way to import raw random data.
Jump to: