Question
I know that there are already tools out there to generate cryptographic random numbers, but I was wondering if using AES could do the same.
For example, I have a secret key for AES on my server and a counter in my database. Each time I want to generate a random number, I increment the counter, then encrypt it with AES using the secret key on my server, then transform the resulting bits into the right number.
Wouldn't this produce secure random numbers as long as my secret key is not found?
N.B.: If you want to say that storing a password on your server is not safe, please explain how it is different from storing your private SSL key on your server.
Explanation / Answer
Theoretically, yes, but there are practical concerns.
As a pseudorandom number generator, it works well enough. But to make a CSPRNG out of it, you would need to start with a cryptographically-secure random key... and to get a cryptographically-secure random key, you need a CSPRNG. This is a chicken-and-egg problem: in order to build a CSPRNG out of AES, you need to already have a CSPRNG.
Why would you do that? In most circumstances, it wouldn't make much sense: if you've got access to a CSPRNG to make your key, then you might as well just use it directly. However, there are still cases where it can be useful. For example, if you're coding in a situation where you don't have access to a CSPRNG, but you do have access to a secret key which was made with one (and you know that this key has been kept secure), then you could use AES to make cryptographically-secure random numbers from the key. The implementation issues mentioned in other answers still apply, though.
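The construction the question describes, written out as an added example in Go (this is not code from the question, the answer, or any library): a secret AES key plus a persisted counter, where each call increments the counter and encrypts it, and the output bits are reduced to a range with rejection sampling rather than a bare modulo so small values are not over-represented. The type and function names are my own, and the key passed in is assumed to come from a real CSPRNG such as crypto/rand, which is exactly the chicken-and-egg point the answer makes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
)

// CounterGenerator is the question's design: a secret AES key and a counter
// that is persisted between calls. The complete generator state is (key, counter),
// so a counter value that is ever reused repeats an earlier output.
type CounterGenerator struct {
	block   cipher.Block
	counter uint64 // last counter value written to the database
}

// NewCounterGenerator takes a 16-, 24- or 32-byte AES key (assumed to have
// been produced by a real CSPRNG) and the counter value read back from storage.
func NewCounterGenerator(key []byte, lastCounter uint64) (*CounterGenerator, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &CounterGenerator{block: block, counter: lastCounter}, nil
}

// NextBlock increments the counter and returns AES_key(counter): one 16-byte
// output block. The counter is encoded big-endian in the low 8 bytes of the block.
func (g *CounterGenerator) NextBlock() [16]byte {
	g.counter++
	var in, out [16]byte
	binary.BigEndian.PutUint64(in[8:], g.counter)
	g.block.Encrypt(out[:], in[:])
	return out
}

// Uint64Below is the "transform the resulting bits into the right number" step,
// done uniformly: the first 8 output bytes are read as a uint64, and values in
// the short leading range [0, 2^64 mod n) are rejected so that v % n is unbiased.
func (g *CounterGenerator) Uint64Below(n uint64) uint64 {
	threshold := -n % n // unsigned wrap-around gives (2^64 - n) mod n == 2^64 mod n
	for {
		out := g.NextBlock()
		v := binary.BigEndian.Uint64(out[:8])
		if v >= threshold {
			return v % n
		}
	}
}
```

The value of `counter` after each call is what must be written back to the database before the number is used, otherwise a crash between the two steps replays the same output.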