Random numbers form a basis in cryptography, in particular, during key management for security services such as integrity protection and the encryption of data. Random numbers are needed, in particular, to generate a cryptographic key or to determine a nonce. Random numbers may be generated using logical or physical random number generators. Strong random numbers, that is to say particularly randomly selected random numbers, may be generated by or using a physical random number generator. In this case, a pseudorandom number generator may be initialized using a starting value that was determined using a physical random number generator.
Random number generators may be known such as http://de.wikipedia.org/wiki/Zufallszahlengenerator. There are physical random number generators that determine a random number on the basis of a physical effect. Pseudorandom number generators are also known, which, starting from a starting value, determine a sequence of pseudorandom numbers using a deterministic calculation function. These have statistical properties expected of random numbers. Deterministic cryptographic random number generators are provided that likewise calculate a random number sequence deterministically starting from a starting value. The random numbers have special properties required for use in cryptographic protocols, see, inter alia, http://de.wikipedia.org/wiki/Kryptographisch_sicherer_Zufallszahlengenerator. In this case, at least the starting value may be determined using a physical random number generator.
An overview of hardware-based random number generators is provided, for example, by http://en.wikipedia.org/wiki/Hardware_random_number_generator.
A hardware random number generator is implemented on Intel CPUs, for example (see http://software.intel.com/en-us/articles/intel-digital-random-number-generator-drng-softwareimplenentation-guide). In this case, a plurality of computing cores access the same random number generator.
In order to generate random numbers, physical effects such as noise of semiconductor components may be used as the source of random numbers. “Flash Memory for Ubiquitous Hardware Security Functions: True Random Number Generation and Device Fingerprints” (see http://tsg.ece.cornell.edu/lib/exe/fetch.php?media=pubs:flash-ieeesp2012.pdf) discloses the practice of using a flash memory to generate random numbers. In this case, the generation-recombination noise (telegraph noise, RTN) and thermal noise in semiconductor modules are used. In this case, memory cells are erased and are then repeatedly partially written to. A parameter dependent on physical effects may then be determined for memory areas by reading-out.
The practice of initializing a random number generator (RNG) during the system start or else during the runtime on the basis of physical effects is disclosed (see http://downloads.hindawi.com/journals/es/2009/598246.pdf). In this case, use is made, for example, of the fact that the time behavior during the starting of a hard disk is not always exactly the same. This may be determined using a high-speed counter. These variations are used to generate a pool of random numbers.
Another source that is used is the tracking error, for example, which is the deviation of the position of the reading head from the optimum data path on the hard disk during reading. US 2009/0161246 A1 discloses the generation of a random number using an evaluation of the reading head position.
WO 2012/136763 A2 discloses the fact that the memory state of part of the random contents of a flash memory may be used for starting values (e.g., seeds) for initializing a pseudorandom number generator. The random number generator therefore generates random numbers that are in turn used to overwrite the corresponding memory area and may therefore be used as a new source of seeds.
The fact that the temporal variances during read/write access operations are used for hard disks is disclosed, for example (see http://www.chronox.de/jent/doc/CPU-Jitter-NPTRNG.html).
The practice of carrying out bad block management of solid-state disks (SSDs) is disclosed (see http://www.contradata.it/cataloghi/InnoDisk_Error_Correction_Detection_and_Bad_Block_Management_White_Paper.pdf), in which defective blocks are marked and are therefore no longer used to store information. Available memory areas on SSDs may be optimized, for example, by grouping on the basis of degrees of wear of the memory areas (see, for example, http://en.wikipedia.org/wiki/Wear_leveling).