AES Random Number Generator

I came across the Ultra High Security Password Generator the other day, which uses a very high quality pseudo-random number generator to generate passwords and keys. The idea is not to use the full 63 characters as a password, but rather a contiguous subset, such as the first 8 characters.

The website is served securely, so no middle man can sniff at it. If you trust the maintainer not to store the generated numbers somewhere, which he claims not to be doing, then you can use it as a nice password generation service. If you are nervous about matching password possibilities to your IP, then grab a batch through the Tor network.

In terms of brute-force attacks, each hexadecimal character is worth 4 bits, each random printable ASCII character is worth about 6.6 bits, and each alphanumeric character is worth about 6 bits.

If you go with the set of printable ASCII characters, 6 to 8 characters (39 to 52 bits) should be good enough for an account password, where an attacker must guess through an attempt-limiting authentication system. 8 to 12 characters (53 to 79 bits) should be plenty for a passphrase used as an encryption key, where an attacker can brute force passphrase attempts at his leisure.

I wouldn't use this website for any serious encryption, though. If he is logging generated passwords, he will have a nice short list of possible passphrases to try against your encryption. So don't use it for your GPG passphrase. Generate those locally.

This is where the purpose of my post comes in! He describes the pseudo-random number generator he uses to generate the random numbers at the top of the page. It's the AES block cipher in cipher-block chaining (CBC) mode encrypting a 128-bit counter. A picture (well, diagram) is worth a thousand words,

Note that the diagram is actually being explicit about CBC mode, so the AES cipher in the diagram is in electronic codebook (ECB) mode. I missed this myself when initially interpreting the diagram and writing my implementation. Here is the same diagram with the AES cipher already in CBC mode,

I don't know if he designed this himself or not. I implemented it in C to study it a bit. You can grab it here with git (or follow the link and get a snapshot),

git clone git://

To build it, you will need libgcrypt installed (with headers).
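The generator as the post describes it, written out as an added example in Go on the standard library's AES rather than the author's C/libgcrypt code linked above. How the 512 seed bits split up is my assumption: a 256-bit AES key, a 128-bit IV (the first "previous block" of the CBC chain) and a 128-bit counter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Generator is the post's construction: AES in CBC mode encrypting a 128-bit
// counter, so each output block is AES_key(counter XOR previous block).
// Assumed seed split (not stated on the page): 256-bit key, 128-bit IV,
// 128-bit counter, which together are the 512 seed bits the post mentions.
type Generator struct {
	block   cipher.Block
	prev    [16]byte // previous output block; starts out as the IV
	counter [16]byte // big-endian 128-bit counter
}

func NewGenerator(seed [64]byte) (*Generator, error) {
	block, err := aes.NewCipher(seed[:32]) // AES-256
	if err != nil {
		return nil, err
	}
	g := &Generator{block: block}
	copy(g.prev[:], seed[32:48])
	copy(g.counter[:], seed[48:64])
	return g, nil
}
// Next returns the next 16 output bytes.
func (g *Generator) Next() [16]byte {
	var in, out [16]byte
	for i := range in {
		in[i] = g.counter[i] ^ g.prev[i] // the CBC chaining XOR
	}
	g.block.Encrypt(out[:], in[:]) // the raw (ECB) AES box in the diagram
	g.prev = out
	for i := 15; i >= 0; i-- { // increment the counter with carry
		if g.counter[i]++; g.counter[i] != 0 {
			break
		}
	}
	return out
}
func main() {
	var seed [64]byte // seed the 512-bit state from the OS CSPRNG
	if _, err := rand.Read(seed[:]); err != nil {
		panic(err)
	}
	g, _ := NewGenerator(seed)
	fmt.Printf("%x%x\n", g.Next(), g.Next())
}
```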

Here is about 100 megabytes analyzed with ent, a pseudo-random number sequence test program.

Entropy = 7.999998 bits per byte.

Optimum compression would reduce the size
of this 100000000 byte file by 0 percent.

Chi square distribution for 100000000 samples is 275.58, and randomly
would exceed this value 25.00 percent of the times.

Arithmetic mean value of data bytes is 127.5095 (127.5 = random).
Monte Carlo value for Pi is 3.141182766 (error 0.01 percent).
Serial correlation coefficient is 0.000005 (totally uncorrelated = 0.0).

Wow! These results are great! This is exactly what you would see if you ran 100 megabytes of /dev/random, a true random number generator, through ent. It is also pretty fast, generating that 100 megabytes on my laptop in about 7 seconds. That's much faster than Linux's /dev/urandom (over a minute here), whose ent results aren't quite as good, either.

Note: Before you go using this somewhere important, you should make sure this PRNG has been peer-reviewed and carefully studied by professionals in cryptanalysis. It may have fundamental flaws. I only found this on a website somewhere!

Still, that's a pretty damn cool pseudo-random number generator.

The generator is only useful if you want to generate more than 512 bits' worth of numbers, because it takes 512 bits of randomly generated numbers to initialize the generator. If you want to generate a single password of the same strength, give this a shot,

head -c 50 /dev/random | tr -cd '!-~' && echo

It uses a true random number generator and selects from the 94 printable ASCII characters from ! through ~ (space not included).

null program

Chris Wellons