一种Linux用户空间下的快速伪随机数生成算法

随机数发生器是网络安全应用中的重要组成部分,对于构造加密算法的密钥具有重要作用.Linux操作系统提供了内核级随机数发生器,但因其随机数产生效率较低而不宜将其应用于密钥变换频繁的网络安全应用.给出了一个快速伪随机数生成算法.算法以64?bit硬件高频计数器作为随机数源.算法将计数器的低32?bit放入集合中,然后通过SHA(Security Hash Algorithm)算法对集合进行处理,并采用集合的前16?byte作为随机数输出.采用非参数检验方法检验算法产生的随机数质量,测试结果表明算法产生的随机数具有较高的安全性.同时由于算法运行在用户空间,比Linux的内核级随机数发生器具有较高的随机数生成效率.

Fast algorithm for pseudo random number generation in Linux user space

RNGs(random number generators) are important building blocks for algorithms in security applications. They are paramount in construction of encryption keys. For security applications with key exchange in high frequency, the two RNGs provided by Linux kernel are not acceptable because of their low efficiency. An algorithms for fast pseudo random number generation as proposed is implemented in Linux user space. The source of random number is a high-frequency 64?bit counter. The lowest 4?bytes of the counter are added in a pool, then the pool is hashed with SHA(security hash algorithm). The first 16?bytes of the hash are output. This process is repeated until the requested number of random number is achieved. Several statistical tests are employed to investigate the randomness of RNGs. The results show that the quality of random number generated are guaranteed. Due to its running in Linux user space, this algorithm has much higher efficiency than Linux’s two RNGs.