1Generating Random Bits for RAPPOR 2================================= 3 4To ensure privacy, an application using RAPPOR must generate random bits in an 5unpredictable manner. In other words, an adversary that can predict the 6sequence of random bits used can determine the true values being reported. 7 8Generating random numbers is highly platform-specific -- even 9language-specific. So, libraries implementing RAPPOR should be parameterized 10by an interface to generate random bits. (This can be thought of as 11"dependency injection".) 12 13<!-- TODO: details on the interfaces, once we have them in more than one 14 language --> 15 16 17For now, we have collected some useful links. 18 19Linux 20----- 21 22* [Myths about /dev/urandom](http://www.2uo.de/myths-about-urandom/) -- Nice 23 article explaining implementation aspects of `/dev/urandom` and `/dev/random` 24 on Linux. (Summary: just use `/dev/urandom`, with caveats explained) 25 26* [LWN on getrandom](http://lwn.net/Articles/606141/) 27 ([patch](http://lwn.net/Articles/605828/)) -- A very recent addition to the 28 Linux kernel. As of this writing (11/2014), it's safe to say that very few 29 applications use it. The relevant change, involving an issue mentioned in 30 the first link, involves the situation at system boot, when there is little 31 entropy available. 32 33 34<!-- TODO: other platforms. Chrome uses /dev/urandom on Linux. What about 35 other platforms? --> 36 37<!-- TODO: when we have a C/C++ client, explain provide sample implementation 38 using simple C functions --> 39