1 of 52

## What's hot

5. Stream Ciphers

Practical Malware Analysis Ch12
Practical Malware Analysis Ch12Sam Bowne

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash FunctionsSam Bowne

symmetric key encryption algorithms
symmetric key encryption algorithmsRashmi Burugupalli

Topic20 The RC4 Algorithm.pptx

2. Stream Ciphers

Modern symmetric cipher
Modern symmetric cipherRupesh Mishra

Post quantum cryptography - thesis
Post quantum cryptography - thesisSamy Shehata

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan

Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption StandardDr.Florence Dayana

Quantam cryptogrphy ppt (1)
Quantam cryptogrphy ppt (1)deepu427

Post quantum cryptography
Post quantum cryptographySamy Shehata

### What's hot(20)

5. Stream Ciphers
5. Stream Ciphers

Practical Malware Analysis Ch12
Practical Malware Analysis Ch12

Hash Function
Hash Function

CNIT 141: 6. Hash Functions
CNIT 141: 6. Hash Functions

Stream Ciphers
Stream Ciphers

symmetric key encryption algorithms
symmetric key encryption algorithms

Topic20 The RC4 Algorithm.pptx
Topic20 The RC4 Algorithm.pptx

Pseudo Random Number
Pseudo Random Number

2. Stream Ciphers
2. Stream Ciphers

Modern symmetric cipher
Modern symmetric cipher

Post quantum cryptography - thesis
Post quantum cryptography - thesis

Des lecture
Des lecture

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview

Block Ciphers and the Data Encryption Standard
Block Ciphers and the Data Encryption Standard

Homomorphic encryption
Homomorphic encryption

DES
DES

Quantam cryptogrphy ppt (1)
Quantam cryptogrphy ppt (1)

Post quantum cryptography
Post quantum cryptography

Symmetric encryption
Symmetric encryption

Elliptic curve cryptography
Elliptic curve cryptography

## Similar to CNIT 141: 2. Randomness

The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbelleurobsdcon

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014Cloudflare

BTC2019 - The Key Creation Ceremony
BTC2019 - The Key Creation CeremonyJoshua McDougall

Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)Dan Kaminsky

What is pseudo random number
What is pseudo random numberAkshay Tikekar

Intel Random Number Generator
Intel Random Number GeneratorXequeMateShannon

Solving 800-90 Entropy Requirements in Software
Solving 800-90 Entropy Requirements in SoftwareRay Potter

Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphersVlad Garbuz

«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz 0xdec0de

CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)Sam Bowne

Erlang, random numbers, and the security: London Erlang User Group Talk Slide...
Erlang, random numbers, and the security: London Erlang User Group Talk Slide...Kenji Rikitake

Anon p2p slides
Anon p2p slideschintaan

Random thoughts on IoT
Random thoughts on IoTMark Carney

Defeating the entropy downgrade attackSeth Wahle

Encryption Deep Dive
Encryption Deep DiveDiego Pacheco

Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, CiscoVishnu Pendyala

Hardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to RootYashin Mehaboobe

CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream CiphersSam Bowne

### Similar to CNIT 141: 2. Randomness(20)

The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell
The entropic principle: /dev/u?random and NetBSD by Taylor R Campbell

Sullivan randomness-infiltrate 2014
Sullivan randomness-infiltrate 2014

BTC2019 - The Key Creation Ceremony
BTC2019 - The Key Creation Ceremony

nabdullin_brcrdu_dark
nabdullin_brcrdu_dark

Yet Another Dan Kaminsky Talk (Black Ops 2014)
Yet Another Dan Kaminsky Talk (Black Ops 2014)

What is pseudo random number
What is pseudo random number

Intel Random Number Generator
Intel Random Number Generator

Solving 800-90 Entropy Requirements in Software
Solving 800-90 Entropy Requirements in Software

Applied cryptanalysis - stream ciphers
Applied cryptanalysis - stream ciphers

«Applied cryptanalysis stream ciphers» by Vladimir Garbuz
«Applied cryptanalysis stream ciphers» by Vladimir Garbuz

CNIT 125 Ch 4. Security Engineering (Part 2)
CNIT 125 Ch 4. Security Engineering (Part 2)

Erlang, random numbers, and the security: London Erlang User Group Talk Slide...
Erlang, random numbers, and the security: London Erlang User Group Talk Slide...

Anon p2p slides
Anon p2p slides

Random thoughts on IoT
Random thoughts on IoT

Encryption Deep Dive
Encryption Deep Dive

Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco
Quantum cryptography by Girisha Shankar, Sr. Manager, Cisco

Hardware Reverse Engineering: From Boot to Root
Hardware Reverse Engineering: From Boot to Root

CNIT 141 5. Stream Ciphers
CNIT 141 5. Stream Ciphers

## More from Sam Bowne

3: DNS vulnerabilities
3: DNS vulnerabilities Sam Bowne

8. Software Development Security
8. Software Development SecuritySam Bowne

4 Mapping the Application
4 Mapping the ApplicationSam Bowne

3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)Sam Bowne

12 Elliptic Curves
12 Elliptic CurvesSam Bowne

11. Diffie-Hellman
11. Diffie-HellmanSam Bowne

2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1Sam Bowne

9 Writing Secure Android Applications
9 Writing Secure Android ApplicationsSam Bowne

12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)Sam Bowne

12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3Sam Bowne

8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)Sam Bowne

11 Analysis Methodology
11 Analysis MethodologySam Bowne

8. Authenticated Encryption
8. Authenticated EncryptionSam Bowne

7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)Sam Bowne

7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)Sam Bowne

6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data CollectionSam Bowne

4. Block Ciphers
4. Block Ciphers Sam Bowne

6 Analyzing Android Applications (Part 2)
6 Analyzing Android Applications (Part 2)Sam Bowne

### More from Sam Bowne(20)

Cyberwar
Cyberwar

3: DNS vulnerabilities
3: DNS vulnerabilities

8. Software Development Security
8. Software Development Security

4 Mapping the Application
4 Mapping the Application

3. Attacking iOS Applications (Part 2)
3. Attacking iOS Applications (Part 2)

12 Elliptic Curves
12 Elliptic Curves

11. Diffie-Hellman
11. Diffie-Hellman

2a Analyzing iOS Apps Part 1
2a Analyzing iOS Apps Part 1

9 Writing Secure Android Applications
9 Writing Secure Android Applications

12 Investigating Windows Systems (Part 2 of 3)
12 Investigating Windows Systems (Part 2 of 3)

10 RSA
10 RSA

12 Investigating Windows Systems (Part 1 of 3
12 Investigating Windows Systems (Part 1 of 3

8 Android Implementation Issues (Part 1)
8 Android Implementation Issues (Part 1)

11 Analysis Methodology
11 Analysis Methodology

8. Authenticated Encryption
8. Authenticated Encryption

7. Attacking Android Applications (Part 2)
7. Attacking Android Applications (Part 2)

7. Attacking Android Applications (Part 1)
7. Attacking Android Applications (Part 1)

6 Scope & 7 Live Data Collection
6 Scope & 7 Live Data Collection

4. Block Ciphers
4. Block Ciphers

6 Analyzing Android Applications (Part 2)
6 Analyzing Android Applications (Part 2)

24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...Nguyen Thanh Tu Collection

Observing-Correct-Grammar-in-Making-Definitions.pptx

An overview of the various scriptures in Hinduism
An overview of the various scriptures in HinduismDabee Kamal

Climbers and Creepers used in landscaping
Climbers and Creepers used in landscapingDr. M. Kumaresan Hort.

e-Sealing at EADTU by Kamakshi Rajagopal

An Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge AppCeline George

demyelinated disorder: multiple sclerosis.pptx
demyelinated disorder: multiple sclerosis.pptxMohamed Rizk Khodair

diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....Ritu480198

Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptxLimon Prince

OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & SystemsSandeep D Chaudhary

Scopus Indexed Journals 2024 - ISCOPUS Publications
Scopus Indexed Journals 2024 - ISCOPUS PublicationsISCOPE Publication

Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...EADTU

When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...Gary Wood

Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptxneillewis46

Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...EduSkills OECD

Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnershipsexpandedwebsite

Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinhleson0603

The Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDFVivekanand Anglo Vedic Academy

24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...
24 ĐỀ THAM KHẢO KÌ THI TUYỂN SINH VÀO LỚP 10 MÔN TIẾNG ANH SỞ GIÁO DỤC HẢI DƯ...

Observing-Correct-Grammar-in-Making-Definitions.pptx
Observing-Correct-Grammar-in-Making-Definitions.pptx

An overview of the various scriptures in Hinduism
An overview of the various scriptures in Hinduism

Climbers and Creepers used in landscaping
Climbers and Creepers used in landscaping

e-Sealing at EADTU by Kamakshi Rajagopal
e-Sealing at EADTU by Kamakshi Rajagopal

An Overview of the Odoo 17 Knowledge App
An Overview of the Odoo 17 Knowledge App

demyelinated disorder: multiple sclerosis.pptx
demyelinated disorder: multiple sclerosis.pptx

diagnosting testing bsc 2nd sem.pptx....
diagnosting testing bsc 2nd sem.pptx....

Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx
Analyzing and resolving a communication crisis in Dhaka textiles LTD.pptx

OSCM Unit 2_Operations Processes & Systems
OSCM Unit 2_Operations Processes & Systems

Scopus Indexed Journals 2024 - ISCOPUS Publications
Scopus Indexed Journals 2024 - ISCOPUS Publications

Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...
Transparency, Recognition and the role of eSealing - Ildiko Mazar and Koen No...

When Quality Assurance Meets Innovation in Higher Education - Report launch w...
When Quality Assurance Meets Innovation in Higher Education - Report launch w...

Graduate Outcomes Presentation Slides - English (v3).pptx
Graduate Outcomes Presentation Slides - English (v3).pptx

Andreas Schleicher presents at the launch of What does child empowerment mean...
Andreas Schleicher presents at the launch of What does child empowerment mean...

Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships
Spring gala 2024 photo slideshow - Celebrating School-Community Partnerships

OS-operating systems- ch05 (CPU Scheduling) ...
OS-operating systems- ch05 (CPU Scheduling) ...

Đề tieng anh thpt 2024 danh cho cac ban hoc sinh
Đề tieng anh thpt 2024 danh cho cac ban hoc sinh

The Story of Village Palampur Class 9 Free Study Material PDF
The Story of Village Palampur Class 9 Free Study Material PDF

### CNIT 141: 2. Randomness

• 1. CNIT 141 Cryptography for Computer Networks 2. Randomness
• 2. Topics • Random or Non-Random? • Randomness as a Probability Distribution • Entropy: A Measure of Uncertainty • Random Number Generators (RNGs) and  Pseudorandom Number Generators (PRNGs) • Real-World PRNGs • How Things Can Go Wrong
• 4. What is Randomness? • Is 11010110 more random than 00000000 ? • Both are equally likely, as exact values • But if the first one is described as "three zeroes and five ones" it's more likely • So if we see something that "looks like" 11010110 • That is more likely to be truly random than 00000000
• 6. Probability • A fair coin • 50% chance of head, 50% chance of tails • A fair die • 1/6 chance of 1, 1/6 of 2, ... up to 6 • Total is always 100% • Uniform distribution • Equal chance of every outcome
• 7. Entropy: A Measure of Uncertainty
• 8. Definition of Entropy • Distribution has probabilities p1, p2, ... pN • Entropy is - p1 log(p1) - p2 log(p2) ... - pN log(pN) • log is to base 2
• 9. Examples • One random bit: probabilities 1/2, 1/2 • Entropy is - 1/2 log(1/2) - 1/2 log(1/2) log(1/2) = -1, so this is - 1/2 (-1) - 1/2 (-1) = 1 bit • Also called information content
• 10. Examples • One random byte: probabilities 1/256, 1/256, ... 1/256 (256 equal values) • Entropy is - 1/256 log(1/256) - 1/256 log(1/256) ...   (256 terms) log(1/256) = -8, so this is - 1/256 (-8) - 1/256 (-8) ... (256 terms)   = 8 bits
• 11. Examples • One non-random bit: probabilities 100% of 0, 0% of 1 • Entropy is - 1 log(1) - 0 log(0) log(1) = 0, ignore second term, so this is 0 bits
• 15.
• 16. Random Number Generators (RNGs) and   Pseudorandom Number Generators (PRNGs)
• 17. RNGs and PRNGs • To generate randomness, computers need • A source of entropy • Provided by a Random Number Generator (RNG) • An algorithm to produce random bits from the entropy • Pseudorandom Number Generator (PRNG)
• 18. RNG • Randomness comes from the environment • Analog, chaotic, unpredictable • Temperature, acoustic noise, random electrical fluctuations • Sensors: I/O devices, network or disk activity, logs, running processes, keypresses, mouse movements
• 19. QRNG • Quantum Random Noise Generator • Radioactive decay, vacuum polarization, photons
• 20. PRNG • Pseudorandom Noise Generator • Create many artificial random bits • From a few truly random bits • Continues working even if physical source stops (e.g., the mouse stops moving)
• 21. How PRNGs Work • PRNG receives random bits from RNG • at regular intervals • Updates the entropy pool • Mixes pool's bits together when updating • To remove bias
• 22. DRBG • The PRNG uses a Deterministic Random Bit Generator (DRBG) • Expands some bits from the entropy pool into a much longer sequence • Deterministic: not randomized • Always produces the same stream of bits from the same input
• 23. PRNG Operations • init() • Initializes the entropy pool and the internal state of the PRNG • refresh() • Updates the entropy pool using R (data from the RNG), called reseeding • R is called the seed • next() • Returns N pseudorandom bits and updates the entropy pool
• 24. Security Concerns • Backtracking resistance • Also called forward secrecy • Previously generated bits are impossible to recover • Prediction resistance • Future bits are impossible to predict
• 25. • NSA stores exabytes of captured encrypted traffic • 1 EB is 1 million TB • Waiting for cryptographic keys to be found
• 26.
• 27. Achieving Resistance • Backtracking resistance • refresh and next operations must be irreversible, so • If attacker obtains the entropy pool, they still can't determine previously generated bits • Prediction resistance • PRNG must refresh regularly with R values that the attacker cannot find or guess
• 28. Fortuna • A PRNG designed in 2003 by Neils Ferguson and Bruce Schneier • Used in Windows • Uses 32 entropy pools, a 16-byte key, and a 16-byte counter • Mac OS and iOS use Yarrow • Designed in 1998 by Kelsey and Schneier
• 29. Security Failures • If RNGs fail to produce enough random bits • Fortuna might not notice, and produce lower- quality pseudorandom bits • Or stop delivering bits • If seed files are stolen or re-used, • Fortuna will produce identical sequences of bits
• 30. Cryptographic vs. Non- Cryptographic PRNGs • Most PRNGs provided for programming languages are non-cryptographic • Only concerned with statistical randomness, not predictability • Often use Mersenne Twister algorithm • Cryptographic PRNGs are unpredictable
• 32. Unix-Based Systems • /dev/urandom gets data from the crypto PRNG • Non-blocking: always returns data, even if entropy is low • /dev/random • Blocking: refuses to return data if entropy is low
• 33. Blocking • Blocking turned out to be a bad idea • Entropy estimates are unreliable • Attackers can fool them • /dev/random runs out of entropy quickly • Producing denial of service while waiting for more entropy • In practice, /dev/urandom is better
• 34. • Links Ch 2b, Ch 2c
• 35. Linux Commands • To see entropy pool • for i in {1..100}; do cat /proc/sys/kernel/ random/entropy_avail; sleep 2; done • To consume entropy • dd if=/dev/random bs=8 count=8 | base64
• 38. Windows • CryptGenRandom() function • Now replaced by BcryptGenRandom() • Takes entropy from the kernel mode driver cng.sys (formerly ksedd.sys) • Loosely based on Fortuna
• 39. Intel RDRAND • Hardware RNG introduced in 2012 with Ivy Bridge • Uses RDRAND assembly language instruction • Only partially documented • Some people fear that it has an NSA backdoor
• 40. • Talk given in 2007 • Link Ch 2d
• 41.
• 42. • Dual_EC_DRBG is 1000x slower that other options • Championed by the NSA • Schneier said to avoid it in 2007 • Link Ch 2f
• 43. • TOP SECRET leaks from Snowden • New York Times, 2013 (Link Ch 2h)
• 44.
• 46. How Things Can Go Wrong
• 47. Poor Entropy Sources • Netscape's SSL in 1996 • Seeded from process ID and system time in microseconds • Predictable values • Total entropy only 47 bits, but should have had 128
• 48. • In 2012, researchers tested 7.1 million 1024- bit RSA public keys • 27,000 of them had a shared prime factor (p or q) • Link Ch 2i
• 49. Insufficient Entropy   at Boot Time • Cause: devices generated public keys early after bootup, before collecting enough entropy
• 50. Non-Cryptographic PRNG • Old version of MediaWiki, used for Wikipedia • mt_rand is a Mersenne Twister
• 51. Sampling Bug with  Strong Randomness • Cryptocat had an off-by-one error • Values had 45 bits of entropy instead of 53
Current LanguageEnglish
Español
Portugues
Français
Deutsche