Hein (fub) wrote,

  • Mood:

Not-so-random number generators

For cryptographic uses, a random number generator is a must. Obviously, if all you have is software, your best effort will only produce pseudo-random numbers: if you know the state of your RNG, you can predict which numbers will be produced next. Luckily, for most cryptographic applications, attackers can not inspect the state of your RNG -- all they have is the bit sequence. And if the RNG is 'sufficiently' random, that can not be used to deduce the internal state of the RNG.

It turns out that the RNG in Windows 2000 (and perhaps other versions of Windows) contains a vulnerability that will allow an attacker to deduce the internal state of the RNG. So any crypto based on randomness from that RNG is vulnerable.

There are more algorithms to produce random numbers. A set of such algorithms are currently undergoing discussions to become part of a NIST standard. Curiously enough, the NSA has pushed for the inclusion of a particular algorithm. That algorithm, called Dual_EC_DRBG, is about three times as slow as the others. And it contains some magic numbers that are used as a seed.
As it so happens, some eggheads did the math, and concluded that there is a second, hidden set of magic numbers that complement the published set -- and with that second set, one can perfectly predict the state of the RNG itself. Bruce Schneier has interesting things to say about it.

Would there be a market for a robust hardware RNG? Perhaps something one could plug into their USB port or something? What kind of APIs would such a device have to offer to be of use in everyday security applications, such as generating GPG keys and such?
Tags: government, technology

  • Supergeil

    I can’t stop thinking about this German supermarket commercial of six years ago. Especially since in German the slang term…

  • Happy Easter!

    There used to be a program on Dutch public TV that commissioned short art movies for smaller children. This is their Easter special. I make a point…

  • Thou art more lovely and more tempered

    We have some silicon molds for chocolates, which we use to make the occasional sweet. You know, melting chocolate, making ganache, pouring it in,…

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded