
Random Numbers Matter: Ode to LFSR, And The Future?


At the core of your online security is the generation of random numbers. If these numbers are not random, there’s a good chance your security will be compromised. Every day trillions of random numbers are created and used in the creation of secure tunnels for our data.

So, are our random numbers actually random? Well, they are not truly random but pseudo-random: a mathematical process generates each number from a random seed value. This seed is typically derived from random activity within the operating system. Now a new presentation by Jason Donenfeld (zx2c4) outlines some of the flaws in the way the Linux kernel creates random numbers [here] [presentation]:

The method uses an LFSR (Linear Feedback Shift Register) and goes back to 1994. It is generally old code that has been modified to suit a wide variety of needs. Overall, we have a given state (S) for our random number generation, and the next state is computed by multiplying the current state by a matrix (A) and then XORing the result with X:
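To make the S, A and X relationship concrete, here is an added example (not code from the post or from the kernel) of a small LFSR written both as a shift register and as the matrix update the text describes. The 4-bit width, the feedback polynomial and the input vector X are assumptions chosen for illustration; the point to take away is that, with X = 0, the update is purely linear over GF(2), which is why an LFSR on its own gives no unpredictability.

```python
"""Added example: a 4-bit Fibonacci LFSR as a shift register and as
S' = A*S xor X over GF(2).  Width, taps and X are assumed values."""

N = 4               # register width in bits (assumption)
TAPS = (4, 3)       # feedback taps, 1-indexed; a maximal-length choice for N = 4

def lfsr_step(state):
    """One shift-register step; state is a list of N bits, index 0 = newest bit."""
    feedback = 0
    for t in TAPS:
        feedback ^= state[t - 1]
    return [feedback] + state[:-1]

def transition_matrix():
    """Build A so that A*S (mod 2) reproduces lfsr_step for every state S."""
    A = [[0] * N for _ in range(N)]
    for t in TAPS:
        A[0][t - 1] = 1          # new bit 0 = XOR of the tapped bits
    for i in range(1, N):
        A[i][i - 1] = 1          # every other bit just shifts down by one
    return A

def matrix_step(A, state, x=None):
    """S' = A*S xor X over GF(2); X defaults to the all-zero vector."""
    x = x or [0] * N
    return [(sum(a * s for a, s in zip(row, state)) % 2) ^ xi
            for row, xi in zip(A, x)]

def matrix_matches_shift():
    """Check A*S == lfsr_step(S) for all 2**N states: the update is linear."""
    A = transition_matrix()
    for v in range(2 ** N):
        s = [(v >> i) & 1 for i in range(N)]
        if matrix_step(A, s) != lfsr_step(s):
            return False
    return True

def period(state):
    """Steps until the register (with X = 0) returns to its start state."""
    A = transition_matrix()
    cur, steps = matrix_step(A, state), 1
    while cur != state:
        cur, steps = matrix_step(A, cur), steps + 1
    return steps

def update_is_linear(s1, s2):
    """A*(S1 xor S2) == (A*S1) xor (A*S2): the property that makes LFSR output predictable."""
    A = transition_matrix()
    both = matrix_step(A, [a ^ b for a, b in zip(s1, s2)])
    return both == [a ^ b for a, b in zip(matrix_step(A, s1), matrix_step(A, s2))]

if __name__ == "__main__":
    print("matrix form matches shift register:", matrix_matches_shift())
    print("period of state 1000:", period([1, 0, 0, 0]))   # 15 = 2**4 - 1, the maximum
```

The non-zero input X is where entropy has to come from: with X = 0 every non-zero state simply cycles through the same 15 states, and the all-zero state never leaves.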


Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice
