Random 128 Bit Key Generator

18.04.2020by
Random 128 Bit Key Generator 8,7/10 9375 reviews
  1. Random Key Generator
  2. 128 Bit Key Generator
  3. Random 128 Bit Key Generator Manual

Fortuna is a cryptographically secure pseudorandom number generator (PRNG) devised by Bruce Schneier and Niels Ferguson and published in 2003. It is named after Fortuna, the Roman goddess of chance.

Design[edit]

Fortuna is a family of secure PRNGs; its designleaves some choices open to implementors. It is composed of the following pieces:

I want to generate a truly random one-time pad as fast as possible, but without the use of any electrical or any other complicated device. What is the fastest way to do that? Stack Exchange Network. Strong Password Generator to create secure passwords that are impossible to crack on your device without sending them across the Internet, and learn over 30 tricks to. Apparently it is perfectly safe to use 128 bits of entropy to generate a single 256 bit ECC key. Can I use 128 bits of entropy and a KDF to make a 256-bit ECC key? I assume this is because 256 bit ECC keys have a bit strength of 128 bits according to How many bits of entropy does an elliptic curve key.

  • The generator itself, which once seeded will produce an indefinite quantity of pseudo-random data.
  • The entropy accumulator, which collects genuinely random data from various sources and uses it to reseed the generator when enough new randomness has arrived.
  • The seed file, which stores enough state to enable the computer to start generating random numbers as soon as it has booted.

Generator[edit]

The generator is based on any good block cipher. Practical Cryptography suggests AES, Serpent or Twofish. The basic idea is to run the cipher in counter mode, encrypting successive values of an incrementing counter.

With a 128-bit block cipher, this would produce statistically identifiable deviations from randomness; for instance, generating 264 genuinely random 128-bit blocks would produce on average about one pair of identical blocks, but there are no repeated blocks at all among the first 2128 produced by a 128-bit cipher in counter mode. Therefore, the key is changed periodically: no more than 1 MiB of data (216 128-bit blocks) is generated without a key change. The book points out that block ciphers with a 256-bit (or greater) block size, which did not enjoy much popularity at the time, do not have this statistical problem.

The key is also changed after every data request (however small), so that a future key compromise doesn't endanger previous generator outputs. This property is sometimes described as 'Fast Key Erasure' or Forward secrecy.

Entropy accumulator[edit]

The entropy accumulator is designed to be resistant against 'injection' attacks, without needing sophisticated (and inevitably unreliable) estimators of entropy. There are several 'pools' of entropy; each entropy source distributes its alleged entropy evenly over the pools; and (here is the key idea) on the nth reseeding of the generator, pool k is used only if n is a multiple of 2k. Thus, the kth pool is used only 1/2k of the time. Higher-numbered pools, in other words, (1) contribute to reseedings less frequently but (2) collect a larger amount of entropy between reseedings. Reseeding is performed by hashing the specified entropy pools into the block cipher's key using two iterations of SHA-256.

Seeding[edit]

Unless an attacker is able to control all the sources of alleged entropy flowing into the system (in which case no algorithm can save it from compromise), there will be some k for which the kth pool collects enough entropy between reseedings that a reseeding with that pool ensures security. And that pool will be used at an interval proportional to the amount of entropy in question. Therefore, the system will always recover from an injection attack, and the time it takes to do so is at most a constant factor greater than the theoretical time it could take if we were able to identify which sources of entropy were corrupt and which not.

This conclusion depends on there being enough pools. Fortuna uses 32 pools, and restricts reseeding to happen at most 10 times per second. Running out of pools would then take about 13 years, which Ferguson and Schneier deem long enough for practical purposes. More paranoid implementors, or ones requiring the generation of random data at a colossal rate and correspondingly frequent reseeding, could use a larger number of pools.

Alternatives[edit]

Fortuna differs from the earlier Yarrow algorithm family of Schneier, Kelsey and Ferguson mostly in its handling of the entropy accumulator. Yarrow required each source of entropy to be accompanied by a mechanism for estimating the actual entropy supplied, and used only two pools; and its suggested embodiment (called Yarrow-160) used SHA-1 rather than iterated SHA-256.

Analysis[edit]

An analysis and a proposed improvement of Fortuna was made in 2014.[1]

See also[edit]

References[edit]

  1. ^Y. Dodis, A. Shamir, N. Stephens-Davidowitz, D. Wichs, 'How to Eat Your Entropy and Have it Too —Optimal Recovery Strategies for Compromised RNGs' Cryptology ePrint Archive, Report 2014/167, 2014. https://eprint.iacr.org/2014/167.pdf

General[edit]

  • Niels Ferguson and Bruce Schneier, Practical Cryptography, published by Wiley in 2003. ISBN0-471-22357-3.
  • John Viega, 'Practical Random Number Generation in Software,' acsac, pp. 129, 19th Annual Computer Security Applications Conference (ACSAC '03), 2003

External links[edit]

  • 'Fortuna on Bruce Schneier's website'.
  • Ferguson, Niels; Schneier, Bruce; Kohno, Tadayoshi (2010). 'Chapter 9: Generating Randomness'(PDF). Cryptography Engineering: Design Principles and Practical Applications. Wiley Publishing, Inc. ISBN978-0-470-47424-2.
  • 'Javascript Crypto Library'. includes a Javascript implementation of Fortuna PRNG.
  • Cooke, Jean-Luc (2005). 'jlcooke's explanation of and improvements on /dev/random'. Patch adding an implementation of Fortuna to the Linux kernel.
  • Litzenberger, Dwayne (2013-10-20). 'Fortuna implementation in Python, part of the Python Cryptography Toolkit'.
  • 'How to Eat Your Entropy and Have it Too -- Optimal Recovery Strategies for Compromised RNGs'. 2014-03-14.
  • 'Fortuna implementation in C++14'. Includes example server, entropy sources and command-line client. 2015-06-01.
Generator
Retrieved from 'https://en.wikipedia.org/w/index.php?title=Fortuna_(PRNG)&oldid=939277037'

Random Key Generator

Perfect Passwords
GRC's Ultra High Security
Password Generator
2,618 sets of passwords generated per day
33,542,803 sets of passwords generated for our visitors
DETECT “SECURE” CONNECTION INTERCEPTION with GRC's NEW HTTPS fingerprinting service!!

Generating long, high-quality random passwords is
not simple. So here is some totally random raw
material, generated just for YOU, to start with.

Every time this page is displayed, our server generates a unique set of custom, high quality, cryptographic-strength password strings which are safe for you to use:

64 random hexadecimal characters (0-9 and A-F):
421BAC3C156151B8288E5807F06D641E312737810FD55A08BB71F09ABBF89A51

63 random printable ASCII characters:
J)+hnWjS$'WZp-i >-y&3c&[GPoKZLi([*3Vv<%WjWxywm(kxLxl-Qv6(gR'Dcd

63 random alpha-numeric characters (a-z, A-Z, 0-9):
74gVThPqAdgXjxy0KSn3rj62QtZUhkAz6Gu0ux0SbnzX43J3KOGvRsImcTTCHB7
Click your web browser's 'refresh' button a few times and watch the password strings change each time.

What makes these perfect and safe?
Every one is completely random (maximum entropy) without any pattern, and the cryptographically-strong pseudo random number generator we use guarantees that no similar strings will ever be produced again.

Also, because this page will only allow itself to be displayed over a snoop-proof and proxy-proof high-security SSL connection, and it is marked as having expired back in 1999, this page which was custom generated just now for you will not be cached or visible to anyone else.

Nov 26, 2012  Steam Key Generator FREE Download Updated November 2012. Download: http. Games for Windows Live Key Generator? Gamer's Sick Fantasy Comes True. Direct download link (Windows) Steam Keys Free Steam Key Generator Working’ has been added to our website after successful testing, this tool will work for you as described and wont let you down. Steam Keys Free Steam Key Generator Working’ has latest anti. Steam is a digital distribution, digital rights management, multiplayer and communications platform developed by Valve Corporation. It is used to distribute games and related media online, from small independent developers to larger software houses; in October 2012, Valve expanded the service to include non-gaming software. Steam key generator 2012 free download pc. Dec 08, 2012  Zenonia 5 Hack Download Free Now; Line POP Hack Download Free; World At Arms Hack Download Free; Hay Day Hack Download Free; The Sims 3 Seasons Free Keygen Download; Fun Run Hack Tool Download Free; Angry Birds: Star Wars Free Keygen 2012; Frozen Hearth Free Keygen; Football Manager 2013 Key Generator v1.0.3 (Work w. Dishonored Steam Key. Free Steam Games. Update: We updated the software recently, but it was a silence update so the version number is not affected. The Steam Key Generator which is shown below and named 2013 still works!

Therefore, these password strings are just for you. No one else can ever see them or get them. You may safely take these strings as they are, or use chunks from several to build your own if you prefer, or do whatever you want with them. Each set displayed are totally, uniquely yours — forever.

The 'Application Notes' section below discusses various aspects of using these random passwords for locking down wireless WEP and WPA networks, for use as VPN shared secrets, as well as for other purposes.

The 'Techie Details' section at the end describes exactly how these super-strong maximum-entropy passwords are generated (to satisfy the uber-geek inside you).



Application Notes:

A note about 'random' and 'pseudo-random' terminology:
Throughout this page I use the shorthand term 'random' instead of the longer but more precise term 'pseudo-random'. I use the output of this page — myself — for any purpose, without hesitation, any time I need a chunk of randomness because there is no better place to find anything more trusted, random and safe. The 'pseudo-randomness' of these numbers does not make them any less good.

There are ways to generate absolutely random numbers, but computer algorithms cannot be used for that, since, by definition, no deterministic mathematical algorithm can generate a random result. Electrical and mechanical noise found in chaotic physical systems can be tapped and used as a source of true randomness, but this is much more than is needed for our purposes here. High quality algorithms are sufficient.

The deterministic binary noise generated by my server, which is then converted into various displayable formats, is derived from the highest quality mathematical pseudo-random algorithms known. In other words, these password strings are as random as anything non-random can be.

This page's password 'raw material':
The raw password material is provided in several formats to support its use in many different applications. Each of the password strings on the page is generated independently of every other, based upon its own unique pseudo-random binary data. So there is no underlying similarity in the data among the various format passwords.

64 hex characters = 256 binary bits:

2A16318C87855439CD339E033DAE5A1DF5E8588A6946593CC3DC06A0B9AF974F
Each of the 64 hexadecimal characters encodes 4 bits of binary data, so the entire 64 characters is equivalent to 256 binary bits — which is the actual binary key length used by the WiFi WPA pre-shared key (PSK). Some WPA-PSK user interfaces (such as the one in Windows XP) allows the 256-bit WPA pre-shared key to be directly provided as 64 hexadecimal characters. This is a precise means for supplying the WPA keying material, but it is ONLY useful if ALL of the devices in a WPA-protected WiFi network allow the 256-bit keying material to be specified as raw hex. If any device did not support this mode of specification (and most do not) it would not be able to join the network.

Using fewer hex characters for WEP encryption:
If some of your WiFi network cannot support the newer and much stronger (effectively unbreakable when used with maximum-entropy keys like these) WPA encryption system, you'll be forced either to run two WiFi networks in parallel (which is totally feasible — one super-secure and one at lower security) or to downgrade your entire network to weaker WEP encryption. Still, ANY encryption is better than no encryption.

WEP key strength (key length) is sometimes confusing because, although there are only two widely accepted standard lengths, 40-bit and 104-bit, those lengths are sometimes confused by adding the 24-bit IV (initialization vector) counter to the length, resulting in 64-bit and 128-bit total key lengths.

However, the user only ever specifies a key of either 40 or 104 binary bits. Since WEP keys should always be specified in their hexadecimal form to guarantee device interaction, and since each hex digit represents 4 binary bits of the key, 40 and 104 bit keys are represented by 10 and 26 hex digits respectively. So you may simply snip off whatever length of random hex characters you require for your system's WEP key.

Note that if all of your equipment supports the use of the new longer 256/232 bit WEP keys, you would use 232/4 or 58 hexadecimal characters for your pre-shared key.

CPU: 1.2 GHz Dual-Core Processor. Windows 8 free key generator download.


63 printable ASCII characters hashed down to 256 binary bits:

-V<w~Ym2(!iISIKjMbzc_=,^82bZASDV%9PEZs 8T7`5GU,2` gf'tp*&9$kJ~9
The more 'standard' means for specifying the 256-bits of WPA keying material is for the user to specify a string of up to 63 printable ASCII characters. This string is then 'hashed' along with the network's SSID designation to form a cryptographically strong 256-bit result which is then used by all devices within the WPA-secured WiFi network. (The ASCII character set was updated to remove SPACE characters since a number of WPA devices were not handling spaces as they should.)


The 63 alphanumeric-only character subset:

73uwTccIwQePS59UVy7YyzBHUB13zMPoVNlP2QzIQvCPDjU5ARkNrExnomFlISL
If some device was not following the WiFi Alliance WPA specification by not hashing the entire printable ASCII character set correctly, it would end up with a different 256-bit hash result than devices that correctly obeyed the specification. It would then be unable to connect to any network that uses the full range of printable ASCII characters.

Since we have heard unconfirmed anecdotal reports of such non-compliant WPA devices (and since you might have one), this page also offers 'junior' WPA password strings using only the 'easy' ASCII characters which even any non-fully-specification-compliant device would have to be able to properly handle. If you find that using the full random ASCII character set within your WPA-PSK protected WiFi network causes one of your devices to be unable to connect to your WPA protected access point, you can downgrade your WPA network to 'easy ASCII' by using one of these easy keys.

And don't worry for a moment about using an easy ASCII key. If you still use a full-length 63 character key, your entire network will still be EXTREMELY secure. And PLEASE drop us a line to let us know that you have such a device and what it is!


Shorter pieces are random too:
A beneficial property of these maximum entropy pseudo-random passwords is their lack of 'inter-symbol memory.' This means that in a string of symbols, any of the possible password symbols is equally likely to occur next. This is important if your application requires you to use shorter password strings. Any 'sub-string' of symbols will be just as random and high quality as any other.


When does size matter?
The use of these maximum-entropy passwords minimizes (essentially zeroes) the likelihood of successful 'dictionary attacks' since these passwords won't appear in any dictionary. So you should always try to use passwords like these.

When these passwords are used to generate pre-shared keys for protecting WPA WiFi and VPN networks, the only known attack is the use of 'brute force' — trying every possible password combination. Brute force attackers hope that the network's designer (you) were lazy and used a shorter password for 'convenience'. So they start by trying all one-character passwords, then two-character, then three and so on, working their way up toward longer random passwords.

Since the passwords used to generate pre-shared keys are configured into the network only once, and do not need to be entered by their users every time, the best practice is to use the longest possible password and never worry about your password security again.

Note that while this 'the longer the better' rule of thumb is always true, long passwords won't protect legacy WEP-protected networks due to well known and readily exploited weaknesses in the WEP keying system and its misuse of WEP's RC4 encryption. With WEP protection, even a highly random maximum-entropy key can be cracked in a few hours. (Listen to Security Now! episode #11 for the full story on cracking WEP security.)


The Techie Details:
Since its introduction, this Perfect Passwords page has generated a great deal of interest. A number of people have wished to duplicate this page on their own sites, and others have wanted to know exactly how these super-strong and guaranteed-to-be-unique never repeating passwords are generated. The following diagram and discussion provides full disclosure of the pseudo-random number generating algorithm I employed to create the passwords on this page:



While the diagram above might at first seem a bit confusing, it is a common and well understood configuration of standard cryptographic elements. A succinct written description of the algorithm would read: 'Rijndael (AES) block encryption of never-repeating counter values in CBC mode.'
CBC stands for 'Cipher Block Chaining' and, as I describe in detail in the second half of Security Now! Episode #107, CBC provides necessary security in situations where some repetition or predictability of the 'plaintext' message is present. Since the 'plaintext' in this instance is a large 128-bit steadily-increasing (monotonic) counter value (which gives us our guaranteed never-to-repeat property, but is also extremely predictable) we need to scramble it so that the value being encrypted cannot be predicted. This is what 'CBC' does: As the diagram above shows, the output from the previous encryption operation is 'fed back' and XOR-mixed with the incrementing counter value. This prevents the possibility of determining the secret key by analysing successive counter encryption results.
One last detail: Since there is no 'output from the previous encryption' to be used during the encryption of the first block, the switch shown in the diagram above is used to supply a 128-bit 'Initialization Vector' (which is just 128-bits of secret random data) for the XOR-mixing of the first counter value. Thus, the first encryption is performed on a mixture of the 128-bit counter and the 'Initialization Vector' value, and subsequent encryptions are performed on the mixture of the incrementing counter and the previous encrypted result.
The result of the combination of the 256-bit Rijndael/AES secret key, the unknowable (therefore secret) present value of the 128-bit monotonically incrementing counter, and the 128-bit secret Initialization Vector (IV) is 512-bits of secret data providing extremely high security for the generation of this page's 'perfect passwords'. No one is going to figure out what passwords you have just received.
How much security do 512 binary bits provide? Well, 2^512 (2 raised to the power of 512) is the total number of possible combinations of those 512 binary bits — every single bit of which actively participates in determining this page's successive password sequence. 2^512 is approximately equal to: 1.34078079 x 10^154, which is this rather amazing number:
13, 407, 807, 929, 942, 597, 099, 574, 024, 998, 205,
846, 127, 479, 365, 820, 592, 393, 377, 723, 561, 443,
721, 764, 030, 073, 546, 976, 801, 874, 298, 166, 903,
427, 690, 031, 858, 186, 486, 050, 853, 753, 882, 811,
946, 569, 946, 433, 649, 060, 084, 096
As far as the crypto experts know, the only workable 'attack' on the Rijndael (AES) cipher lying at the heart of this system is 'brute force' — which means trying each one of those many combinations of 512 bits. In other words, the passwords being generated by GRC's server and presented for your exclusive use on this page, are safe.

128 Bit Key Generator


Gibson Research Corporation is owned and operated by Steve Gibson. The contents
of this page are Copyright (c) 2016 Gibson Research Corporation. SpinRite, ShieldsUP,
NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
Research Corporation, Laguna Hills, CA, USA. GRC's web and customer privacy policy.

Random 128 Bit Key Generator Manual


Comments are closed.