1 <!DOCTYPE html> 2 <html> 3 <head> 4 <meta charset="UTF-8"> 5 <style type="text/css"> 6 code { color: green; } 7 pre { margin-left: 3em; } 8 </style> 9 <!-- INSERT LATCH JS --> 10 </head> 11 <body style="margin: 0 auto; width: 40em; text-align: left;"> 12 <!-- INSERT LATCH HTML --> 13<h1>Generating Random Bits for RAPPOR</h1> 14 15<p>To ensure privacy, an application using RAPPOR must generate random bits in an 16unpredictable manner. In other words, an adversary that can predict the 17sequence of random bits used can determine the true values being reported.</p> 18 19<p>Generating random numbers is highly platform-specific -- even 20language-specific. So, libraries implementing RAPPOR should be parameterized 21by an interface to generate random bits. (This can be thought of as 22"dependency injection".)</p> 23 24<!-- TODO: details on the interfaces, once we have them in more than one 25 language --> 26 27<p>For now, we have collected some useful links.</p> 28 29<h2>Linux</h2> 30 31<ul> 32<li><p><a href="http://www.2uo.de/myths-about-urandom/">Myths about /dev/urandom</a> -- Nice 33article explaining implementation aspects of <code>/dev/urandom</code> and <code>/dev/random</code> 34on Linux. (Summary: just use <code>/dev/urandom</code>, with caveats explained)</p></li> 35<li><p><a href="http://lwn.net/Articles/606141/">LWN on getrandom</a> 36(<a href="http://lwn.net/Articles/605828/">patch</a>) -- A very recent addition to the 37Linux kernel. As of this writing (11/2014), it's safe to say that very few 38applications use it. The relevant change, involving an issue mentioned in 39the first link, involves the situation at system boot, when there is little 40entropy available.</p></li> 41</ul> 42 43<!-- TODO: other platforms. Chrome uses /dev/urandom on Linux. What about 44 other platforms? --> 45 46<!-- TODO: when we have a C/C++ client, explain provide sample implementation 47 using simple C functions --> 48 </body> 49 </html> 50