xref: /aosp_15_r20/external/rappor/gh-pages/doc/randomness.html (revision 2abb31345f6c95944768b5222a9a5ed3fc68cc00) 
1*2abb3134SXin Li  <!DOCTYPE html>
2*2abb3134SXin Li  <html>
3*2abb3134SXin Li    <head>
4*2abb3134SXin Li      <meta charset="UTF-8">
5*2abb3134SXin Li      <style type="text/css">
6*2abb3134SXin Li        code { color: green; }
7*2abb3134SXin Li        pre { margin-left: 3em; }
8*2abb3134SXin Li      </style>
9*2abb3134SXin Li      <!-- INSERT LATCH JS -->
10*2abb3134SXin Li    </head>
11*2abb3134SXin Li    <body style="margin: 0 auto; width: 40em; text-align: left;">
12*2abb3134SXin Li      <!-- INSERT LATCH HTML -->
13*2abb3134SXin Li<h1>Generating Random Bits for RAPPOR</h1>
14*2abb3134SXin Li
15*2abb3134SXin Li<p>To ensure privacy, an application using RAPPOR must generate random bits in an
16*2abb3134SXin Liunpredictable manner.  In other words, an adversary that can predict the
17*2abb3134SXin Lisequence of random bits used can determine the true values being reported.</p>
18*2abb3134SXin Li
19*2abb3134SXin Li<p>Generating random numbers is highly platform-specific -- even
20*2abb3134SXin Lilanguage-specific.  So, libraries implementing RAPPOR should be parameterized
21*2abb3134SXin Liby an interface to generate random bits.  (This can be thought of as
22*2abb3134SXin Li"dependency injection".)</p>
23*2abb3134SXin Li
24*2abb3134SXin Li<!-- TODO: details on the interfaces, once we have them in more than one
25*2abb3134SXin Li     language -->
26*2abb3134SXin Li
27*2abb3134SXin Li<p>For now, we have collected some useful links.</p>
28*2abb3134SXin Li
29*2abb3134SXin Li<h2>Linux</h2>
30*2abb3134SXin Li
31*2abb3134SXin Li<ul>
32*2abb3134SXin Li<li><p><a href="http://www.2uo.de/myths-about-urandom/">Myths about /dev/urandom</a> -- Nice
33*2abb3134SXin Liarticle explaining implementation aspects of <code>/dev/urandom</code> and <code>/dev/random</code>
34*2abb3134SXin Lion Linux.  (Summary: just use <code>/dev/urandom</code>, with caveats explained)</p></li>
35*2abb3134SXin Li<li><p><a href="http://lwn.net/Articles/606141/">LWN on getrandom</a>
36*2abb3134SXin Li(<a href="http://lwn.net/Articles/605828/">patch</a>) -- A very recent addition to the
37*2abb3134SXin LiLinux kernel.  As of this writing (11/2014), it's safe to say that very few
38*2abb3134SXin Liapplications use it.  The relevant change, involving an issue mentioned in
39*2abb3134SXin Lithe first link, involves the situation at system boot, when there is little
40*2abb3134SXin Lientropy available.</p></li>
41*2abb3134SXin Li</ul>
42*2abb3134SXin Li
43*2abb3134SXin Li<!-- TODO: other platforms.  Chrome uses /dev/urandom on Linux.  What about
44*2abb3134SXin Li     other platforms?  -->
45*2abb3134SXin Li
46*2abb3134SXin Li<!-- TODO: when we have a C/C++ client, explain provide sample implementation
47*2abb3134SXin Li     using simple C functions -->
48*2abb3134SXin Li    </body>
49*2abb3134SXin Li  </html>
50