diff options
Diffstat (limited to 'doc/randomness.md')
-rw-r--r-- | doc/randomness.md | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/doc/randomness.md b/doc/randomness.md new file mode 100644 index 0000000..7136cdc --- /dev/null +++ b/doc/randomness.md @@ -0,0 +1,38 @@ +Generating Random Bits for RAPPOR +================================= + +To ensure privacy, an application using RAPPOR must generate random bits in an +unpredictable manner. In other words, an adversary that can predict the +sequence of random bits used can determine the true values being reported. + +Generating random numbers is highly platform-specific -- even +language-specific. So, libraries implementing RAPPOR should be parameterized +by an interface to generate random bits. (This can be thought of as +"dependency injection".) + +<!-- TODO: details on the interfaces, once we have them in more than one + language --> + + +For now, we have collected some useful links. + +Linux +----- + +* [Myths about /dev/urandom](http://www.2uo.de/myths-about-urandom/) -- Nice + article explaining implementation aspects of `/dev/urandom` and `/dev/random` + on Linux. (Summary: just use `/dev/urandom`, with caveats explained) + +* [LWN on getrandom](http://lwn.net/Articles/606141/) + ([patch](http://lwn.net/Articles/605828/)) -- A very recent addition to the + Linux kernel. As of this writing (11/2014), it's safe to say that very few + applications use it. The relevant change, involving an issue mentioned in + the first link, involves the situation at system boot, when there is little + entropy available. + + +<!-- TODO: other platforms. Chrome uses /dev/urandom on Linux. What about + other platforms? --> + +<!-- TODO: when we have a C/C++ client, explain provide sample implementation + using simple C functions --> |