Behind Intel’s New Random-Number Generator

Imagine that it’s 1995 and you’re about to make your very first online purchase. You open your Netscape browser, sipping coffee as the home page slowly loads. You then navigate to Amazon.com, a new online bookstore your friend told you about. As you proceed to make your purchase and enter your payment information, the address your browser points to changes from one starting with “http” to one that begins with “https.” That signals that your computer has established an encrypted connection with Amazon’s server. This allows you to send credit card information to the server without worrying that an identity thief will intercept the transmission.

Unfortunately, your first online transaction was doomed from the start: It will soon be discovered that the supposedly secure transfer protocol your browser just followed wasn’t very secure after all.

The problem was that the secret keys Netscape was using weren’t random enough. They were strings of only 40 bits, meaning there were around a trillion possible number combinations. That may seem like a lot, but hackers were able to break these codes, even with mid-1990s computer speeds, in about 30 hours. The nominally random number Netscape used to form a secret key was based on just three values-time of day, process identification number, and parent-process identification number-all of them predictable. This allowed the attackers to reduce the number of keys that they needed to try, and to find the right one much sooner than Netscape had anticipated.

Photo: iStockphoto

A Whole Lot of Lava
Lavarand was developed in 1996 to generate randomness from lava lamps. Over a million people grabbed numbers from the Lavarand website.

Netscape’s programmers would have loved to use a completely random number to form the encryption key, but they had a hard time figuring out how to come up with one. That’s because digital computers are always in well-defined states, which change only when the programs they are running tell them to change. The best you can often do with a computer is to simulate randomness, generating what are called pseudorandom numbers by using some sort of mathematical procedure. A set of such numbers may at first glance look perfectly random, but somebody else using the same procedure could easily generate exactly the same set of numbers, which often makes them a poor choice for encryption.

Researchers have managed to devise pseudorandom-number generators that are considered cryptographically secure. But you must still start them off using a special seed value; otherwise, they’ll always generate the same list of numbers. And for that seed, you really want something that’s impossible to predict.

Fortunately, it’s not hard to harvest truly unpredictable randomness by tapping the chaotic universe that surrounds a computer’s orderly, deterministic world of 1s and 0s. But how exactly do you do that?

For several years, you could find an online source of random numbers, called Lavarand. It got its numbers from the pictures a computer took of the waxy blobs churning away inside lava lamps. More sophisticated hardware-based systems use quantum-mechanical phenomena, such as photons striking a half-silvered mirror, as a basis for generating random numbers. You can even get an ordinary unassisted computer to produce random numbers based on erratic events taking place within its own mundane hardware-the precise timing of keystrokes, for example. But to get many of these numbers, you’d need to hammer away at a lot of keys.

We and our colleagues at Intel think this should be easier. That’s why for more than a decade now, many of our company’s chip sets have included an analog, hardware-based random-number generator. The problem is that its analog circuitry squanders power. Also, it’s hard to keep that analog circuitry working properly as we improve our fabrication processes. That’s why we have now developed a new and entirely digital system that allows a microprocessor to produce a copious stream of random values without those difficulties. Soon it will be coming to a processor near you.

Leave a Reply

Your email address will not be published. Required fields are marked *

*