Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Random numbers aren't, says infosec boffin

From: InfoSec News <alerts () infosecnews org>
Date: Tue, 11 Aug 2015 08:11:21 +0000 (UTC)
http://www.theregister.co.uk/2015/08/11/your_numbers_arent_random_says_infosec_boffin/

By Richard Chirgwin
The Register
11 Aug 2015
The randomness (or rather, lack thereof) of pseudo-random number generators (PRNGs) is a persistent pain for those who work at the low layers of cryptography.
Security researcher Bruce Potter, whose activity in the field stretches back more than a decade, when he demonstrated war-driving using Bluetooth, says problems both in design and implementation undermine the effectiveness of common crypto libraries.
Now Potter's work (his BlackHat presentation is here [PDF]) has led to the claim that nobody really understands what's going on.
Part of the problem, he writes, is that people tend to conflate “entropy” with “randomness”, when in fact the two mean different things: entropy is a measurement of the uncertainty of an outcome, while randomness is a long-term assessment of entropy. 

[...]


--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
Previous By Date Next
Previous By Thread Next

Current thread: