Nick Sullivan 
@grittygrease 
May 16, 2014 
Exploiting Randomness 
Some fun exploits you can do with a compromised random number generator
Who Am I? 
• Cryptography Engineer, Security Researcher 
• Lead the CloudFlare Security Engineering Team 
• Work with Cryptography at scale 
• Builder and Breaker 
Randomness 
• What is randomness? 
• Why is randomness important? 
• How bad randomness can destroy a computer security system 
Randomness 
• Broken random number generator is very problematic 
• This talk demos attacks on: 
• Bitcoin 
• TLS/SSL 
Randomness 
• Random number generators can be compromised in multiple ways 
• Explicit subversion 
• Algorithmic weakness 
• Poor seeding 
• All three are exploitable 
The Internet is broken 
• A failure of trust at scale 
• Slow adoption by community of new standards 
• DNSSEC 
• Perfect Forward Secrecy 
• Fundamental parts of it are broken 
• Revocation — as shown by Heartbleed vulnerability 
A trying year 
• Events since June 2013 exposed fragility 
• Threats moved from theoretical to concrete 
• Opinions of the “paranoid” are now mainstream 
Leaked documents 
• Purported attempts to subvert public standards and open source projects 
• Subversion of random number generation 
• I can talk about this since I was never involved 
Dual_EC_DRBG 
• It was reported that RSA took 10 million to make Dual_EC_DRBG default in BSAFE in 2004
• Removed as default in 2013 
Dual_EC_DRBG 
• Clumsy, slow random number generator based on elliptic curves 
• Came with two “random” starting points 
• Missed opportunity(?) if they are random 
• Starting points can be chosen such that creator has a back door 
• Patented by Vanstone and Brown (2005) 
• 32 bytes of data reveal entire stream 
Dual_EC_DRBG 
• Internal state is entirely dependent on the seed 
Dual_EC_DRBG 
• TLS client hello only reveals 28 bytes of random 
• RSA implemented non-standard “extended random” TLS extension 
• Reveals the full 32 bytes of consecutive data required 
Dual_EC_DRBG 
• “On the Practical Exploitability of Dual EC in TLS Implementations” - 2014 
• Lange, Bernstein, Green, et al. 
• Looked into OpenSSL-FIPS, SChannel, BSAFE, used trojaned points 
• Findings 
• TLS for each are fingerprintable 
• TLS session key in seconds to hours of computation — passively 
Dual_EC_DRBG - Takeaways 
• Many protocols include random values (nonces, IVs, session ids, etc.) 
• Internal state can be recovered with this data 
• All future random can be derived from internal state 
Intel RDRAND 
• IvyBridge and later random number generator — in hardware 
• Designed to be fast 
• Has an AES-based “whitening” step at the end 
Intel RDRAND 
• Exploitability: it’s a hardware instruction 
• Virtualized environments - override from hypervisor 
• Microcode updates 
• Verifiability 
• Designers have not looked at production chips in Haswell 
• Is there a backdoor in silicon? Hard to tell. 
Intel RDRAND 
• FreeBSD and Linux patched to make RDRAND sole source of entropy 
• Eventually patches were blocked or reverted 
• Linux now mixes RDRAND into /dev/random 
• What motivated these patches? 
Intel RDRAND - takeaways 
• Randomness can come from hardware 
• Should be mixed with other sources 
• Looking at randomness does not reveal backdoors 
A bit about entropy 
• Why is RDRAND dangerous on its own, but ok to mix? 
• Statistical randomness is not enough 
• Cryptographic randomness needs 
• To be unpredictable 
• To have high entropy 
A bit about entropy 
• Entropy is the amount of information contained in a sequence of numbers 
• If you know the sequence, it is predictable 
• The digits of pi are statistically random, but are predictable 
• The entropy is equivalent to the definition: “ratio of circumference to diameter of a circle”
• This sentence only needs a few bytes to express 
A bit about entropy 
• Entropy is in the eyes of the beholder 
• Known information takes away from the entropy 
• Digits of pi have high entropy to someone who doesn’t know math 
• The NIST random beacon is not cryptographic randomness 
• Generated with high entropy process, but disclosed to the world 
A bit about entropy 
• Encrypted the digits of pi with a 128-bit AES key
• Tell the world that’s what it is
• The entropy to you is low
• The entropy to the world is 128 bits
A bit about entropy 
• Same with Dual_EC_DRBG 
• Say P = nQ 
• The relationship between P & Q can be computed by solving ECDLP 
• That takes ~2^128 computations 
• The entropy to the world is 128 bits 
• The entropy to whoever knows n (the creator) is almost zero given 32 consecutive bytes
A bit about entropy 
• Independent entropy is additive 
• RDRAND is ok to mix in, it can only increase randomness 
The Digital Signature Algorithm (DSA) 
• Public Key cryptography primitive proposed in 1991 
• Allows the owner of a private key to sign hash of a message 
• The public key is used to verify the signature 
The Digital Signature Algorithm (DSA) 
• Where is it used? Everywhere. 
• What kind of key is your ssh key? 
• ECDSA: elliptic curve variant used in TLS, bitcoin 
The Digital Signature Algorithm (DSA) 
• Core complaint: DSA and ECDSA require cryptographic randomness 
• Repeated signatures with the same random value reveal the private key
The Digital Signature Algorithm (DSA) 
• Signature 
• Pick a random k 
• Convolute k with private key and hash of message 
• Publish R, S 
• Solve DLP on R -> k 
The Digital Signature Algorithm (DSA) 
• Any known k 
• Extract private key 
• Any repeated k with same private key 
• Extract k 
The Digital Signature Algorithm (DSA) 
• The Math 
The Digital Signature Algorithm (DSA) 
• The Math 
The Digital Signature Algorithm (DSA) 
• Breaking DSA 
Bitcoin 
• Fundamental security based on ECDSA 
• Public key hash is your Bitcoin address 
• Private key allows you to spend 
• ECDSA signature proves transaction 
Bitcoin 
• OP_CHECKSIG 
• Verify that a payment was made 
Bitcoin 
• Two transactions by same Bitcoin address with same random value k 
• Signature includes S, R 
• R = kG, where G is base point 
• If R1 = R2, most likely the same k was used
Bitcoin 
• Demo 
• /fun
-hash1="270666214c4a9654e2b0c40cbe6e57331ab2d8034f8c648944d5d3c7550b46dc"
-sig1="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b02201b0d10a717ffccbfe5483bb7aa1cdcdc2a4e8775c706aaeddbcbfd55df190dd5012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576"
-hash2="9bc17698be66f12460b7d7f87e47e1bbc03203194d0cf539ca9b862b23742b0a"
-sig2="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b0220507b798addf5097c11fb4ed40518b2c3e468feb3d09a1fea837cf9d16ae25ef6012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576"
Other DSA risks 
• VPN signatures 
• IPSec uses DSA, ECDSA 
• OpenVPN 
• SSH keys 
• Secure boot chain 
• low entropy boot environments 
• Codesigning keys 
Symptoms of DSA break 
• Look at the R value 
• Repeating R means your key is compromised
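The symptom check from this slide, as an added example (not code from the talk): it parses Bitcoin scriptSig values, extracts r from the DER signature, and reports any public key that produced the same r with different s values. The first two inputs are sig1 and sig2 from the demo slide; the third is constructed, and the function names are this example's own.

```python
"""Added example: flag ECDSA signatures that repeat r (the symptom of a reused k)."""
from collections import defaultdict

# Group order n of secp256k1, the curve Bitcoin uses.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# sig1 and sig2 exactly as shown on the demo slide (scriptSig: signature push, pubkey push).
SIG1 = ("4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d"
        "91758895b02201b0d10a717ffccbfe5483bb7aa1cdcdc2a4e8775c706aaeddbcbfd55df190"
        "dd5012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576")
SIG2 = ("4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d"
        "91758895b0220507b798addf5097c11fb4ed40518b2c3e468feb3d09a1fea837cf9d16ae2"
        "5ef6012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576")
PUBKEY = SIG1[-66:]  # 33-byte compressed public key pushed at the end of sig1
# Constructed control input: same public key, unrelated r and s (not a valid signature).
SIG3 = "47" + "3044" + "0220" + "11" * 32 + "0220" + "22" * 32 + "01" + "21" + PUBKEY


def read_push(script, pos):
    """Read one direct data push (opcode 0x01..0x4b) and return (data, next_pos)."""
    n = script[pos]
    if not 1 <= n <= 0x4B:
        raise ValueError(f"unsupported push opcode 0x{n:02x} at offset {pos}")
    end = pos + 1 + n
    if end > len(script):
        raise ValueError("push runs past the end of the script")
    return script[pos + 1:end], end


def read_der_int(buf, pos):
    """Read a short-form DER INTEGER and return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    n = buf[pos + 1]
    end = pos + 2 + n
    if n == 0 or n >= 0x80 or end > len(buf):
        raise ValueError("bad DER INTEGER length")
    return int.from_bytes(buf[pos + 2:end], "big"), end


def parse_der_sig(der):
    """Parse SEQUENCE { INTEGER r, INTEGER s } and reject trailing bytes."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("not a DER ECDSA signature")
    r, pos = read_der_int(der, 2)
    s, pos = read_der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after s")
    return r, s


def parse_script_sig(hex_str):
    """Return (pubkey_bytes, r, s) from a pay-to-pubkey-hash scriptSig."""
    script = bytes.fromhex(hex_str)
    sig, pos = read_push(script, 0)
    pub, pos = read_push(script, pos)
    if pos != len(script):
        raise ValueError("unexpected data after the public key")
    r, s = parse_der_sig(sig[:-1])  # the last byte of the push is the sighash type
    return pub, r, s


def find_reused_r(script_sigs):
    """Report each (public key, r) that appears with more than one distinct s.

    The same (r, s) seen twice is only a duplicated record, and (r, n - s) is a
    malleated copy of one signature, so s is normalised to its low form first.
    """
    groups = defaultdict(dict)  # (pubkey, r) -> {low_s: first input index}
    for idx, hex_str in enumerate(script_sigs):
        pub, r, s = parse_script_sig(hex_str)
        groups[(pub, r)].setdefault(min(s, SECP256K1_N - s), idx)
    return [
        {"pubkey": pub.hex(), "r": f"{r:064x}", "inputs": sorted(by_s.values())}
        for (pub, r), by_s in groups.items()
        if len(by_s) > 1
    ]


if __name__ == "__main__":
    for hit in find_reused_r([SIG1, SIG2, SIG1, SIG3]):
        print("repeated r", hit["r"], "for key", hit["pubkey"], "in inputs", hit["inputs"])
```

Any hit means the signing key has to be treated as compromised and rotated, and the RNG that produced k investigated.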
RSA 
• Public Key Cryptosystem 
• Basis of the Public Key Infrastructure 
• Security is based on strength of factoring large numbers 
• RSA modulus N has two factors P & Q 
• RSA key pairs created by randomly generating P & Q 
RSA 
• Taiwanese government id: each person has a unique RSA key 
RSA 
• Factoring P*Q is hard 
• Factoring P*Q and P*R is easy: Chinese remainder theorem 
• You can also find the GCD of a large number of numbers 
• Factoring RSA keys from certified smart cards: Coppersmith in the wild - 2013 
• This is exactly what Bernstein, Heninger, Lange did 
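An added example (not from the talk or from factorable.net) of auditing your own key inventory for this weakness: a product-tree batch GCD finds every modulus that shares a prime with another one without comparing all pairs. The device names and the toy moduli, built from well-known small primes, are constructed and far too small for real RSA.

```python
"""Added example: audit an inventory of RSA moduli for shared prime factors."""
from math import gcd, prod

# Constructed inventory: name -> modulus N = P * Q (toy sizes, for illustration only).
INVENTORY = {
    "router-a": (2**61 - 1) * (2**89 - 1),
    "router-b": (2**61 - 1) * (2**107 - 1),   # shares the prime 2**61 - 1 with router-a
    "web-1": (2**127 - 1) * 1000000007,       # unique primes
    "web-2": 1000000009 * 998244353,          # unique primes
    "clone-1": (2**31 - 1) * (2**19 - 1),
    "clone-2": (2**31 - 1) * (2**19 - 1),     # identical key deployed twice
}


def product_tree(values):
    """Return the levels of a product tree: leaves first, total product last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli):
    """For each N_i return gcd(N_i, product of all the other moduli).

    Walking back down the tree keeps P mod N_i**2 at each leaf; dividing that by
    N_i gives (P / N_i) mod N_i, whose gcd with N_i exposes any shared prime.
    """
    tree = product_tree(moduli)
    rems = tree.pop()  # [P], the product of every modulus
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def audit_moduli(inventory):
    """Return {name: finding} for every key that is duplicated or shares a prime."""
    names = list(inventory)
    moduli = [inventory[name] for name in names]
    findings = {}
    for name, n, g in zip(names, moduli, batch_gcd(moduli)):
        if g == 1:
            continue  # no factor in common with any other key in the inventory
        if g == n:
            # N_i divides the product of the others: either the same modulus is
            # deployed twice or both primes are shared. Resolve with pairwise GCDs.
            others = [m for m in moduli if m != n]
            g = next((d for d in (gcd(n, m) for m in others) if 1 < d < n), None)
        findings[name] = {"shared_prime": g, "duplicate": moduli.count(n) > 1}
    return findings


if __name__ == "__main__":
    for name, finding in audit_moduli(INVENTORY).items():
        print(name, finding)
```

Keys that show up in the findings need to be regenerated on a host with a properly seeded RNG, since anyone holding the other public key can compute the same GCD.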
RSA 
• They found that some even had recognizable patterns 
RSA 
• Result of bad entropy initialization, bad RNG 
• No Demo, https://factorable.net covers it 
RSA 
• Need to attack before keys are created 
• Bootloading, early execution vulnerable to weak PRNG 
• TrueCrypt? GnuPG? Probably. 
• Rely on system to generate RSA keys 
• Routers and embedded devices - ephemeral RSA keys 
RSA 
• What are the symptoms? 
• No symptoms, totally passive 
• Where can you harvest public keys? 
• Scan the internet 
• PGP lists - keybase.io? 
TLS 
• The crown jewel of Internet encryption is SSL/TLS 
• Breaking this removes privacy on the internet 
• I will demonstrate one attack and point out two others 
Handshake 
• Breakdown of RSA handshake 
• Random from client 
• Decryption from server 
Handshake 
• Breakdown of DHE handshake 
• Random from Client 
• Random from Server 
DH on the wire 
• Client sends aG 
• Server sends bG 
• Pre-master secret is abG 
Perfect Secrecy 
• RSA is vulnerable to client randomness bugs — session key leak 
• ECDSA is vulnerable to server randomness bugs — private key leak 
• DH is vulnerable to both client and server randomness bugs 
TLS 
• Demo 
• node.js server with a modified OpenSSL binding for the RNG 
• Do a handshake 
• Measure it, steal DH private key, decrypt stream 
Vectors of attack 
• Application
• Userland
• CSPRNG
• sharedlib
• /dev/random
• Kernel timing
• Hypervisor RDRAND
How to exploit more generally 
• Override RDRAND in hypervisor 
• Other protocols: OpenVPN, IPSec 
• Where to find randomness for context: nonces, IVs 
• Trojan the OS image — /dev/random or system openssl 
• Extracting RNG state through remote memory disclosure: heartbleed 
More examples from history 
• RSA 
• Debian RNG 
• ECDSA 
• Sony Playstation 2 
• Android Wallet 
• Examples: iOS 7.0 bootloader RNG — change BIOS 
More targets 
• Other things that depend on good RNG 
• Session cookies 
• Kaminsky’s DNS poisoning attack mitigation 
• Suite B - ECDSA Certificate Authorities 
Conclusion 
• Randomness is important 
• Subverting PRNG 
• Can be done in different layers 
• Very hard to detect 
• Exploit bugs in PRNG 
• Repeated random breaks DSA 
 
Stopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaStopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaCloudflare
 
It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?Cloudflare
 
Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)Cloudflare
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsCloudflare
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformationCloudflare
 

More from Cloudflare (20)

Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)Succeeding with Secure Access Service Edge (SASE)
Succeeding with Secure Access Service Edge (SASE)
 
Close your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with CloudflareClose your security gaps and get 100% of your traffic protected with Cloudflare
Close your security gaps and get 100% of your traffic protected with Cloudflare
 
Why you should replace your d do s hardware appliance
Why you should replace your d do s hardware applianceWhy you should replace your d do s hardware appliance
Why you should replace your d do s hardware appliance
 
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
Don't Let Bots Ruin Your Holiday Business - Snackable WebinarDon't Let Bots Ruin Your Holiday Business - Snackable Webinar
Don't Let Bots Ruin Your Holiday Business - Snackable Webinar
 
Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021Why Zero Trust Architecture Will Become the New Normal in 2021
Why Zero Trust Architecture Will Become the New Normal in 2021
 
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
HARTMANN and Cloudflare Learn how healthcare providers can build resilient in...
 
Zero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fastZero trust for everybody: 3 ways to get there fast
Zero trust for everybody: 3 ways to get there fast
 
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
LendingTree and Cloudflare: Ensuring zero trade-off between security and cust...
 
Network Transformation: What it is, and how it’s helping companies stay secur...
Network Transformation: What it is, and how it’s helping companies stay secur...Network Transformation: What it is, and how it’s helping companies stay secur...
Network Transformation: What it is, and how it’s helping companies stay secur...
 
Scaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-serviceScaling service provider business with DDoS-mitigation-as-a-service
Scaling service provider business with DDoS-mitigation-as-a-service
 
Application layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare dataApplication layer attack trends through the lens of Cloudflare data
Application layer attack trends through the lens of Cloudflare data
 
Recent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respondRecent DDoS attack trends, and how you should respond
Recent DDoS attack trends, and how you should respond
 
Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)Cybersecurity 2020 threat landscape and its implications (AMER)
Cybersecurity 2020 threat landscape and its implications (AMER)
 
Strengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providersStrengthening security posture for modern-age SaaS providers
Strengthening security posture for modern-age SaaS providers
 
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS AttacksKentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
Kentik and Cloudflare Partner to Mitigate Advanced DDoS Attacks
 
Stopping DDoS Attacks in North America
Stopping DDoS Attacks in North AmericaStopping DDoS Attacks in North America
Stopping DDoS Attacks in North America
 
It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?It’s 9AM... Do you know what’s happening on your network?
It’s 9AM... Do you know what’s happening on your network?
 
Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)Cyber security fundamentals (simplified chinese)
Cyber security fundamentals (simplified chinese)
 
Bring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teamsBring speed and security to the intranet with cloudflare for teams
Bring speed and security to the intranet with cloudflare for teams
 
Accelerate your digital transformation
Accelerate your digital transformationAccelerate your digital transformation
Accelerate your digital transformation
 

Recently uploaded

FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Deliverybabeytanya
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of indiaimessage0108
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
Dwarka Sector 26 Call Girls | Delhi | 9999965857 🫦 Vanshika Verma More Our Se...
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on DeliveryCall Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
Call Girls In Mumbai Central Mumbai ❤️ 9920874524 👈 Cash on Delivery
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 26 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌  8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130  Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130  Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$
 
Gram Darshan PPT cyber rural in villages of india
Gram Darshan PPT cyber rural  in villages of indiaGram Darshan PPT cyber rural  in villages of india
Gram Darshan PPT cyber rural in villages of india
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa  Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 

Sullivan randomness-infiltrate 2014

  • 1. Exploiting Randomness
      • Some fun exploits you can do with a compromised random number generator
      • Nick Sullivan, @grittygrease, May 16, 2014
  • 2. Who Am I?
      • Cryptography Engineer, Security Researcher
      • Lead the CloudFlare Security Engineering Team
      • Work with Cryptography at scale
      • Builder and Breaker
  • 4. Randomness
      • What is randomness?
      • Why is randomness important?
      • How bad randomness can destroy a computer security system
  • 5. Randomness
      • Broken random number generator is very problematic
      • This talk demos attacks on:
      • Bitcoin
      • TLS/SSL
  • 6. Randomness
      • Random number generators can be compromised in multiple ways
      • Explicit subversion
      • Algorithmic weakness
      • Poor seeding
      • All three are exploitable
  • 7. The Internet is broken
  • 8. The Internet is broken
      • A failure of trust at scale
      • Slow adoption by community of new standards
      • DNSSEC
      • Perfect Forward Secrecy
      • Fundamental parts of it are broken
      • Revocation — as shown by Heartbleed vulnerability
  • 9. A trying year
      • Events since June 2013 exposed fragility
      • Threats moved from theoretical to concrete
      • Opinions of the “paranoid” are now mainstream
  • 10. Leaked documents
      • Purported attempts to subvert public standards and open source projects
      • Subversion of random number generation
      • I can talk about this since I was never involved
  • 12. Dual_EC_DRBG
      • It was reported that RSA took 10 million to make Dual_EC_DRBG default in BSAFE in 2004
      • Removed as default in 2013
  • 13. Dual_EC_DRBG
      • Clumsy, slow random number generator based on elliptic curves
      • Came with two “random” starting points
      • Missed opportunity(?) if they are random
      • Starting points can be chosen such that creator has a back door
      • Patented by Vanstone and Brown (2005)
      • 32 bytes of data reveal entire stream
  • 14. Dual_EC_DRBG
      • Internal state is entirely dependent on the seed
  • 15. Dual_EC_DRBG
      • TLS client hello only reveals 28 bytes of random
      • RSA implemented non-standard “extended random” TLS extension
      • Reveals the full 32 bytes of consecutive data required
  • 16. Dual_EC_DRBG
      • “On the Practical Exploitability of Dual EC in TLS Implementations” - 2014
      • Lange, Bernstein, Green, et al.
      • Looked into OpenSSL-FIPS, SChannel, BSAFE, used trojaned points
      • Findings
      • TLS for each are fingerprintable
      • TLS session key in seconds to hours of computation — passively
  • 17. Dual_EC_DRBG - Takeaways
      • Many protocols include random values (nonces, IVs, session ids, etc.)
      • Internal state can be recovered with this data
      • All future random can be derived from internal state
  • 19. Intel RDRAND
      • IvyBridge and later random number generator — in hardware
      • Designed to be fast
      • Has an AES-based “whitening” step at the end
  • 21. Intel RDRAND
      • Exploitability: it’s a hardware instruction
      • Virtualized environments - override from hypervisor
      • Microcode updates
      • Verifiability
      • Designers have not looked at production chips in Haswell
      • Is there a backdoor in silicon? Hard to tell.
  • 22. Intel RDRAND
      • FreeBSD and Linux patched to make RDRAND sole source of entropy
      • Eventually patches were blocked or reverted
      • Linux now mixes RDRAND into /dev/random
      • What motivated these patches?
  • 23. Intel RDRAND - takeaways
      • Randomness can come from hardware
      • Should be mixed with other sources
      • Looking at randomness does not reveal backdoors
  • 24. A bit about entropy
  • 25. A bit about entropy
      • Why is RDRAND dangerous on its own, but ok to mix?
      • Statistical randomness is not enough
      • Cryptographic randomness needs
      • To be unpredictable
      • To have high entropy
  • 26. A bit about entropy
      • Entropy is the amount of information contained in a sequence of numbers
      • If you know the sequence, it is predictable
      • The digits of pi are statistically random, but are predictable
      • The entropy is equivalent to the definition: “ratio of circumference to diameter of a circle”
      • This sentence only needs a few bytes to express
  • 27. A bit about entropy
      • Entropy is in the eyes of the beholder
      • Known information takes away from the entropy
      • Digits of pi have high entropy to someone who doesn’t know math
      • The NIST random beacon is not cryptographic randomness
      • Generated with high entropy process, but disclosed to the world
  • 28. A bit about entropy
      • Encrypted the digits of pi with a 128 bit AES key
      • Tell the world that’s what it is
      • The entropy to you is low
      • The entropy to the world is 128 bit
  • 29. A bit about entropy
      • Same with Dual_EC_DRBG
      • Say P = nQ
      • The relationship between P & Q can be computed by solving ECDLP
      • That takes ~2^128 computations
      • The entropy to the world is 128 bits
      • The entropy to whoever knows n (the creator) is almost zero given 32 consecutive bytes
  • 30. A bit about entropy
      • Independent entropy is additive
      • RDRAND is ok to mix in, it can only increase randomness
  • 31. The Digital Signature Algorithm (DSA)
  • 32. The Digital Signature Algorithm (DSA)
      • Public Key cryptography primitive proposed in 1991
      • Allows the owner of a private key to sign hash of a message
      • The public key is used to verify the signature
  • 33. The Digital Signature Algorithm (DSA)
      • Where is it used? Everywhere.
      • What kind of key is your ssh key?
      • ECDSA: elliptic curve variant used in TLS, bitcoin
  • 34. The Digital Signature Algorithm (DSA)
      • Core complaint: DSA and ECDSA require cryptographic randomness
      • Repeated signatures with the same random value reveal the private key
  • 35. The Digital Signature Algorithm (DSA)
      • Signature
      • Pick a random k
      • Convolute k with private key and hash of message
      • Publish R, S
      • Solve DLP on R -> k
  • 36. The Digital Signature Algorithm (DSA)
      • Any known k
      • Extract private key
      • Any repeated k with same private key
      • Extract k
  • 37. The Digital Signature Algorithm (DSA)
      • The Math
  • 38. The Digital Signature Algorithm (DSA)
      • The Math
  • 39. The Digital Signature Algorithm (DSA)
      • Breaking DSA
  • 41. Bitcoin
      • Fundamental security based on ECDSA
      • Public key hash is your Bitcoin address
      • Private key allows you to spend
      • ECDSA signature proves transaction
  • 42. Bitcoin
      • OP_CHECKSIG
      • Verify that a payment was made
  • 43. Bitcoin
      • Two transactions by same Bitcoin address with same random value k
      • Signature includes S, R
      • R = kG, where G is base point
      • If R1 = R2, most likely the same k was used
  • 44. Bitcoin
      • Demo
      • /fun
        - hash1="270666214c4a9654e2b0c40cbe6e57331ab2d8034f8c648944d5d3c7550b46dc"
        - sig1="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b02201b0d10a717ffccbfe5483bb7aa1cdcdc2a4e8775c706aaeddbcbfd55df190dd5012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576"
        - hash2="9bc17698be66f12460b7d7f87e47e1bbc03203194d0cf539ca9b862b23742b0a"
        - sig2="4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b0220507b798addf5097c11fb4ed40518b2c3e468feb3d09a1fea837cf9d16ae25ef6012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576"
  • 45. Other DSA risks
      • VPN signatures
      • IPSec uses DSA, ECDSA
      • OpenVPN
      • SSH keys
      • Secure boot chain
      • low entropy boot environments
      • Codesigning keys
  • 46. Symptoms of DSA break
      • Look at the R value
      • Repeating R means your key is compromised
  • 48. RSA
      • Public Key Cryptosystem
      • Basis of the Public Key Infrastructure
      • Security is based on strength of factoring large numbers
      • RSA modulus N has two factors P & Q
      • RSA key pairs created by randomly generating P & Q
  • 49. RSA
      • Taiwanese government id: each person has a unique RSA key
  • 50. RSA
      • Factoring P*Q is hard
      • Factoring P*Q and P*R is easy: Chinese remainder theorem
      • You can also find the GCD of a large number of numbers
      • Factoring RSA keys from certified smart cards: Coppersmith in the wild - 2013
      • This is exactly what Bernstein, Heninger, Lange did
  • 51. RSA
      • They found that some even had recognizable patterns
  • 52. RSA
      • Result of bad entropy initialization, bad RNG
      • No Demo, https://factorable.net covers it
  • 53. RSA
      • Need to attack before keys are created
      • Bootloading, early execution vulnerable to weak PRNG
      • TrueCrypt? GnuPG? Probably.
      • Rely on system to generate RSA keys
      • Routers and embedded devices - ephemeral RSA keys
  • 54. RSA
      • What are the symptoms?
      • No symptoms, totally passive
      • Where can you harvest public keys?
      • Scan the internet
      • PGP lists - keybase.io?
  • 56. TLS
      • The crown jewel of Internet encryption is SSL/TLS
      • Breaking this removes privacy on the internet
      • I will demonstrate one attack and point out two others
  • 57. Handshake
      • Breakdown of RSA handshake
      • Random from client
      • Decryption from server
  • 58. Handshake
      • Breakdown of DHE handshake
      • Random from Client
      • Random from Server
  • 59. DH on the wire
      • Client sends aG
      • Server sends bG
      • Pre-master secret is abG
  • 60. Perfect Secrecy
      • RSA is vulnerable to client randomness bugs — session key leak
      • ECDSA is vulnerable to server randomness bugs — private key leak
      • DH is vulnerable to both client and server randomness bugs
  • 61. TLS
      • Demo
      • node.js server with a modified OpenSSL binding for the RNG
      • Do a handshake
      • Measure it, steal DH private key, decrypt stream
  • 63. Vectors of attack
      • Diagram labels: Application, Userland, CSPRNG, sharedlib, /dev/random, Kernel, timing, Hypervisor, RDRAND
  • 64. How to exploit more generally
      • Override RDRAND in hypervisor
      • Other protocols: OpenVPN, IPSec
      • Where to find randomness for context: nonces, IVs
      • Trojan the OS image — /dev/random or system openssl
      • Extracting RNG state through remote memory disclosure: heartbleed
  • 65. More examples from history
      • RSA
      • Debian RNG
      • ECDSA
      • Sony Playstation 2
      • Android Wallet
      • Examples: iOS 7.0 bootloader RNG — change BIOS
  • 66. More targets
      • Other things that depend on good RNG
      • Session cookies
      • Kaminsky’s DNS poisoning attack mitigation
      • Suite B - ECDSA Certificate Authorities
  • 67. Conclusion
      • Randomness is important
      • Subverting PRNG
      • Can be done in different layers
      • Very hard to detect
      • Exploit bugs in PRNG
      • Repeated random breaks DSA
  • 68. Exploiting Randomness
      • Some fun exploits you can do with a compromised random number generator
      • Nick Sullivan, @grittygrease, May 16, 2014
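
The check from the "Symptoms of DSA break" slide, as an added example that is not part of the original deck: it parses the two scriptSig values from the Bitcoin demo slide (line-wrap spaces removed) and reports any R value that appears with different S values. The `other` and `truncated` inputs and all function names are constructed for this example, and the parser assumes scriptSigs of the form <signature+hashtype> <pubkey>.

```python
"""Flag ECDSA signatures that share an R value (added example, not from the talk)."""
from collections import defaultdict

# scriptSig values from the Bitcoin demo slide, line-wrap spaces removed.
PAGE_SIG1 = ("4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b"
             "02201b0d10a717ffccbfe5483bb7aa1cdcdc2a4e8775c706aaeddbcbfd55df190dd5"
             "012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576")
PAGE_SIG2 = ("4830450221009ac20335eb38768d2052be1dbbc3c8f6178407458e51e6b4ad22f1d91758895b"
             "0220507b798addf5097c11fb4ed40518b2c3e468feb3d09a1fea837cf9d16ae25ef6"
             "012103ffffc29d98bf4eec11e6948387bdf5928848dca7b83bfde8e0e627e66c706576")
# Constructed inputs (not from the page): a well-formed scriptSig with filler r, s
# and pubkey bytes, and a copy of sig1 cut short to exercise the error path.
OTHER = "4730440220" + "11" * 32 + "0220" + "22" * 32 + "01" + "2102" + "ab" * 32
SCRIPTS = {"sig1": PAGE_SIG1, "sig2": PAGE_SIG2, "other": OTHER,
           "truncated": PAGE_SIG1[:60]}


def read_pushes(script: bytes) -> list:
    """Split a scriptSig made only of direct pushes (opcodes 0x01..0x4b)."""
    out, i = [], 0
    while i < len(script):
        n = script[i]
        if not 1 <= n <= 0x4B or i + 1 + n > len(script):
            raise ValueError(f"unsupported or truncated push at offset {i}")
        out.append(script[i + 1:i + 1 + n])
        i += 1 + n
    return out


def der_int(buf: bytes, pos: int) -> tuple:
    """Read one DER INTEGER with a short-form length; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER")
    n = buf[pos + 1]
    end = pos + 2 + n
    if n == 0 or n > 0x7F or end > len(buf):
        raise ValueError("bad INTEGER length")
    # Read as unsigned: r and s are positive, a leading 0x00 is only DER padding.
    return int.from_bytes(buf[pos + 2:end], "big"), end


def parse_der_sig(sig: bytes) -> tuple:
    """Parse SEQUENCE { INTEGER r, INTEGER s } and reject trailing bytes."""
    if len(sig) < 2 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad DER SEQUENCE header")
    r, pos = der_int(sig, 2)
    s, pos = der_int(sig, pos)
    if pos != len(sig):
        raise ValueError("trailing bytes after s")
    return r, s


def extract(script_hex: str) -> tuple:
    """Return (r, s, pubkey_hex) from a <signature+hashtype> <pubkey> scriptSig."""
    pushes = read_pushes(bytes.fromhex(script_hex))
    if len(pushes) != 2:
        raise ValueError("expected exactly two pushes")
    r, s = parse_der_sig(pushes[0][:-1])  # drop the trailing sighash-type byte
    return r, s, pushes[1].hex()


def find_reused_r(scripts: dict) -> tuple:
    """Group signatures by r; return (findings, errors).

    An r seen with two different s values under one public key means the nonce k
    was repeated for that key. The same r under different keys points at the RNG.
    An identical (r, s, pubkey) seen twice is a duplicate record, not reuse.
    """
    by_r, errors = defaultdict(list), {}
    for label, script_hex in scripts.items():
        try:
            r, s, pub = extract(script_hex)
        except ValueError as exc:
            errors[label] = str(exc)
            continue
        by_r[r].append((label, s, pub))
    findings = {}
    for r, hits in by_r.items():
        per_key = defaultdict(set)
        for _, s, pub in hits:
            per_key[pub].add(s)
        same_key = sorted(p for p, ss in per_key.items() if len(ss) > 1)
        if same_key or len(per_key) > 1:
            findings[r] = {"labels": sorted(label for label, _, _ in hits),
                           "compromised_keys": same_key,
                           "shared_across_keys": len(per_key) > 1}
    return findings, errors


if __name__ == "__main__":
    found, bad = find_reused_r(SCRIPTS)
    for r, info in found.items():
        print(f"r={r:064x} reused in {info['labels']}, keys={info['compromised_keys']}")
    print("unparsed:", bad)
```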
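
An added example (not from the original deck) of the shared-factor check the RSA slides describe, written as an audit to run over your own fleet's public moduli: a batch GCD using a product tree and a remainder tree. The moduli are constructed toy values built from small primes, and the function and label names are assumptions.

```python
"""Audit a set of RSA moduli for shared prime factors (added example)."""
from math import gcd, prod

# Constructed toy moduli (not from the page). A and B share the prime 101,
# C is independent, D and E are the same modulus deployed twice.
SAMPLE = {"A": 101 * 103, "B": 101 * 107, "C": 109 * 113,
          "D": 127 * 131, "E": 127 * 131}


def product_tree(values: list) -> list:
    """Levels of pairwise products, leaves first, root (product of all) last."""
    tree = [list(values)]
    while len(tree[-1]) > 1:
        level = tree[-1]
        tree.append([prod(level[i:i + 2]) for i in range(0, len(level), 2)])
    return tree


def batch_gcd(moduli: list) -> list:
    """For each N_i return gcd(N_i, product of all other moduli).

    Walks the product tree back down, reducing the full product P modulo
    N_i^2 at each leaf; (P mod N_i^2) // N_i equals (P / N_i) mod N_i.
    """
    tree = product_tree(moduli)
    rems = tree.pop()  # root level: [P], or [] for empty input
    while tree:
        level = tree.pop()
        rems = [rems[i // 2] % (n * n) for i, n in enumerate(level)]
    return [gcd(r // n, n) for r, n in zip(rems, moduli)]


def audit(keys: dict) -> dict:
    """Classify each modulus: ok, shared-prime (with factors), or duplicate."""
    labels = list(keys)
    report = {}
    for label, g in zip(labels, batch_gcd([keys[l] for l in labels])):
        n = keys[label]
        if g == 1:
            report[label] = ("ok",)
        elif g < n:
            report[label] = ("shared-prime", g, n // g)
        else:
            # g == n: both primes occur elsewhere. Either another key has the
            # identical modulus, or each prime is shared with a different key.
            twins = sorted(o for o in labels if o != label and keys[o] == n)
            if twins:
                report[label] = ("duplicate-modulus", twins)
            else:
                p = next(gcd(n, keys[o]) for o in labels
                         if o != label and 1 < gcd(n, keys[o]) < n)
                report[label] = ("shared-prime", p, n // p)
    return report


if __name__ == "__main__":
    for name, status in audit(SAMPLE).items():
        print(name, SAMPLE[name], status)
```

Any key reported as `shared-prime` or `duplicate-modulus` should be regenerated on a host with a properly seeded RNG, since its factors are recoverable from public data alone.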