The approaches described in this section could be pursued, but are not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
Computer-based cryptography techniques are widely used for encrypting and decrypting data communications. Generally, encryption approaches are classified as symmetric or asymmetric. In symmetric cryptography, the same key is used to encrypt and decrypt the data. In asymmetric approaches, different keys are used for encryption and decryption.
Many symmetric cryptography approaches require a seed value as input for use in generating a unique key value for a particular data set. For example, certain block ciphers such as Data Encryption Standard (DES) use keys that are generated from random seed values. In some such approaches, theoretically perfect security is achieved when the seed value is a truly random value; this is because a truly random value is not predictable and therefore extremely difficult to guess. Further, the mechanism used to generate a truly random value is normally extremely difficult for a malicious party to reverse-engineer based only on possession of example seed values. In practice, however, generating truly random values is difficult, and therefore a variety of pseudo-random seed value generation approaches are also used.
An example of a known approach for generating a random seed value involves counting the number of process threads that are instantiated by a computer operating system in a specified time. Historically, this and other techniques for generating truly random or pseudo-random seed values have been either extremely time-consuming in terms of computer processing time, or non-random. Both are undesirable.
For example, in certain client-server business applications where all communications between the client and server are encrypted and decrypted, transaction processing may be perceptibly slower when a slow seed generation technique is used. Customers of these applications and the vendors who provide them would prefer an approach in which seed generation requires minimal time.
Further, having a non-random seed generator affects security. Several known approaches for generating seed values have bugs or other characteristics such that the seed values are not truly random. Indeed, nearly all seed generation approaches that profess to be truly random are, in fact, pseudo-random, as described in B. Schneier, “Applied Cryptography” (John Wiley & Sons, Inc., 2nd ed. 1996), at pp. 44–46. If a pseudo-random seed value generator creates the same seed value twice, and a malicious party obtains two different ciphertexts that have been encrypted using a key based on the same seed value, in theory this provides the malicious party with valuable information that can be used to determine the key values and, ultimately, retrieve the original plaintext. This is undesirable.
Based on the foregoing, there is a clear need for an improved approach for generating seed values for use in symmetric encryption.