2

I was doing some experiments with cryptography, and now I am trying to make a deterministic random number generator (DRBG). It should be a counter mode based deterministic random bit generator using AES-128 block cipher specified in NIST SP 800-90.

I have the source code of OpenSSL. In OpenSSL, there are two functions RAND_bytes() and RAND_pseudo_bytes() to be used as random number generator.

How to configure this OpenSSL random number generator as counter mode based DRBG using AES-128 block cipher?

jww
  • 97,681
  • 90
  • 411
  • 885
jithin
  • 637
  • 2
  • 14
  • 26
  • If this is for play, it isn't hard to make a DRBG (even one that is NIST compliant). If you want to work more productively then you can borrow one of the [DRBG](http://github.com/TomMD/DRBG) implementations out there. If this is for production then ask yourself why do you care if your RNG is deterministic in the first place? – Thomas M. DuBuisson Jul 22 '13 at 15:45
  • it has to be deterministic, and it is for productive purpose – jithin Jul 23 '13 at 07:34
  • Does it matter if it's open source (GPL)? Do you need backtracking resistance? Do you need any degree of prediction resistance? – Thomas M. DuBuisson Jul 23 '13 at 16:26
  • You could follow the instructions at [this question's](http://stackoverflow.com/questions/7437177/force-openssls-rngs-to-return-a-repeatable-byte-sequence) answer, but just replace the libc `rand()`-based implementation with your AES-based PRNG. If you need specific help with that part, I'd recommend asking a separate question about it and describing what you've managed to do so far. – Ilmari Karonen Aug 27 '13 at 12:30
  • 1
    Possible duplicate of [Making openssl generate deterministic key](https://stackoverflow.com/q/22759465/608639) – jww Oct 06 '19 at 04:36

1 Answers1

-1

You should be able to specify a random seed:

http://www.openssl.org/docs/crypto/RAND_add.html#

It seems that you can also save and reload a sequence generated:

http://www.openssl.org/docs/crypto/rand.html

Antonio
  • 19,451
  • 13
  • 99
  • 197
  • can you tell me which is the default algorithm it takes for number generation. I want aes-128 block ciphering , how to configure that ? – jithin Jul 22 '13 at 07:26
  • @jithin I do not have direct experience with that library, sorry. What I tried to answer was how to make it **deterministic**. Maybe you should ask another question. – Antonio Jul 22 '13 at 07:31
  • 4
    This will not work. OpenSSL mixes in additional random state, so the sequence will not repeat based on a seed. – jww Mar 30 '16 at 17:07
  • @jww I think this is very interesting, why don't you put it down with more details in a separate answer? – Antonio Mar 31 '16 at 08:02
  • [Here](https://stackoverflow.com/a/41284412/3075942) is the explanation why this doesn't work. – user Dec 13 '19 at 19:07