Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency.
View: Full Story @ Wired

The NSA developed a recommended random number generator.
The rest of the world can use whatever they want.
Interesting. Then this makes that ciphering scheme totally useless. Time to move on to something else.
A random number generator depends on the seed; if they say that the seed is a constant, then the generator will always return the same values. That's the reason the seed is generated from a variable such as seconds since midnight or milliseconds.
For example:
Think of a number from 1 to 10? _____ (this number will be the seed).
The random number will be = (11 - seed). So even with a simple algorithm, without knowing the seed it is "impossible" to obtain the random number.
Any back door into an encryption method completely negates the usefulness of that encryption method because it will be discovered and will be exploited by those for whom it is not intended.
This article uses 3D mapped results to show strange correlations produced by the random number algorithms used by various OSs, including BSD, OS X, OS 9 and XP SP2:
http://lcamtuf.coredump.cx/newtcp/
One is so simple you can guarantee "the results are 100% predictable in 5,000 attempts".
I'd love to see plots for Vista (hopefully changed), Leopard (probably unchanged as it's pretty good), and this new 'standard'.
I wish they would be updated to have Vista in there too.
It's a nice way of visualizing the randomness of the generators. It looks like 2000/XP is fair, UNIX-based operating systems (then including OS X) often better off. And Cisco IOS was amazing there.
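The linked page visualizes each generator by plotting consecutive differences of its output as points in three dimensions, so a sequence that only ever "adds a bit" per connection collapses into a tiny cloud. The following is an added example, not code from the linked analysis or from any poster: it builds that delayed-coordinate view for three constructed toy sources (a fixed-increment counter, a fixed increment plus a little jitter, and raw OS randomness) and reports how many bits of the 96-bit delta space each one actually spreads over. The generator names, the `MOD` constant and the `attractor_bits` metric are all this example's own assumptions.

```python
import math
import os
import random
import struct

MOD = 2**32  # assumption: 32-bit sequence numbers, as in TCP ISNs


def constant_increment_isns(n, start=0, step=64000):
    """Constructed toy: add a fixed amount per connection. Fully predictable."""
    return [(start + i * step) % MOD for i in range(n)]


def time_keyed_isns(n, seed=7, step=64000, jitter=256):
    """Constructed toy: fixed step plus a little jitter from a seeded PRNG,
    the 'almost a counter' shape that shows up as a small cloud in the plots."""
    rng = random.Random(seed)
    out, v = [], 0
    for _ in range(n):
        out.append(v)
        v = (v + step + rng.randrange(jitter)) % MOD
    return out


def os_random_isns(n):
    """32-bit values straight from the operating system's CSPRNG."""
    return [struct.unpack(">I", os.urandom(4))[0] for _ in range(n)]


def phase_space_points(seq):
    """Delayed-coordinate view used for the 3D plots:
    (x, y, z) = (s[i]-s[i-1], s[i+1]-s[i], s[i+2]-s[i+1]) mod 2^32."""
    d = [(seq[i] - seq[i - 1]) % MOD for i in range(1, len(seq))]
    return [(d[i], d[i + 1], d[i + 2]) for i in range(len(d) - 2)]


def attractor_bits(seq):
    """log2 of the bounding-box volume of the phase-space cloud: how much of the
    96-bit delta space the generator really uses. Near 0 means a bare counter,
    near 96 means the differences look uniform at this coarse level."""
    pts = phase_space_points(seq)
    bits = 0.0
    for axis in range(3):
        coords = [p[axis] for p in pts]
        bits += math.log2(max(coords) - min(coords) + 1)
    return bits


if __name__ == "__main__":
    for name, gen in [("constant increment", constant_increment_isns),
                      ("fixed step + jitter", time_keyed_isns),
                      ("os.urandom", os_random_isns)]:
        print(f"{name:20s} {attractor_bits(gen(2000)):6.1f} bits")
```

The bounding-box measure only catches coarse structure (counters, small jitter, clock-driven steps); a generator whose points fall on a few planes inside an otherwise full cube, as linear congruential generators do, needs the finer lattice tests that the plots make visible by eye.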
I think this is the best for "software" encryption out there.
Not that this sounds "special" for a random number generator. A generator in software (that doesn't base its seed on chaotic data from an external source like background radiation) is only as functional as the secrecy of its seed value. RSA and some others may be seen as different than that, because they also require you to know the input prime numbers, not just the seed itself, but those can then also be seen as being part of the seed.
So if those "keys" they're talking of are part of the seed value, I don't really see what the news is here. In that case, if the NSA pushes an algorithm, naturally this is the reaction that will happen, and they will definitely not reveal the information this article is looking for. Doing that could risk breaking the algorithm.
Last edited by Jugalator on 16 Nov 2007 - 00:19
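Both the "(11 - seed)" post above and Jugalator's point that a software generator is only as strong as the secrecy of its seed come down to the same check: how many candidate seeds could have produced an observed output? The following is an added example written for this thread, not code from any poster or from any real library: it seeds a constructed toy generator (a small linear congruential generator, a generalization of the "11 - seed" idea) from seconds since midnight, audits how many of the 86,400 possible seeds reproduce a given output, and shows the OS-backed alternative. `toy_prng`, `token_from_clock_seed`, `seed_space_audit` and `secure_token` are this example's own names; the LCG constants are arbitrary.

```python
import secrets
import time

MOD = 2**32
SECONDS_PER_DAY = 24 * 60 * 60


def toy_prng(seed, count):
    """Constructed toy generator: a small LCG. Deterministic, so the seed is the only secret."""
    out, v = [], seed % MOD
    for _ in range(count):
        v = (1664525 * v + 1013904223) % MOD
        out.append(v)
    return out


def seconds_since_midnight(now=None):
    """The kind of 'variable' seed the post describes: only 86,400 possible values."""
    t = time.localtime(now)
    return t.tm_hour * 3600 + t.tm_min * 60 + t.tm_sec


def token_from_clock_seed(seconds, count=4):
    """Constructed: a token produced by the toy generator seeded from the clock."""
    return toy_prng(seconds, count)


def seed_space_audit(observed, generator, seed_space):
    """Defender's check: which seeds in the candidate space reproduce `observed`?
    A short list (or a single seed) means the seed space, not the algorithm,
    is what protects the output; a properly seeded generator would make this
    enumeration infeasible (2^128 candidates rather than 86,400)."""
    return [s for s in seed_space if generator(s, len(observed)) == observed]


def secure_token(count=4):
    """The fix the seed-dependence argument points at: draw from the OS CSPRNG,
    whose seed is gathered from hardware events rather than a clock."""
    return [secrets.randbelow(MOD) for _ in range(count)]


if __name__ == "__main__":
    observed = token_from_clock_seed(seconds_since_midnight())
    found = seed_space_audit(observed, token_from_clock_seed, range(SECONDS_PER_DAY))
    print("seeds that reproduce the clock-seeded token:", found)
    print("OS-seeded token:", secure_token())
```

The audit finishes in well under a second because the seed space is tiny; the same loop over a 128-bit seed space never finishes, which is exactly the property a generator's seeding is supposed to provide.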
I had to recently generate a certificate to develop software and part of the process involved pressing random keys and randomly moving and clicking the mouse, just to generate lots of random user input.
Last edited by neufuse on 16 Nov 2007 - 12:16
That's my 2 bits.