The Sad History of Random Bits
Authors
Abstract
In this paper we examine the history of using random numbers in computer programs. Unfortunately, this history is a sad one, because it is replete with disasters, ranging from one of the first pseudo-random number generators, RANDU, being very bad, to the most recent efforts by the NSA to undermine the pseudorandom number generator in RSA’s BSAFE cryptographic library. Failures in this area have been both intentional and unintentional, but unfortunately the same sorts of mistakes are repeated. The repeated failures in getting our “random numbers” correct suggest that there might be some systemic reasons for these failures. In this paper we review some of these failures in more detail, and the 2006 Debian OpenSSL Debacle in great detail. This last event left users of Debian and its derivatives with seriously compromised cryptographic capabilities for two years. We also illustrate how this failure can be exploited in an attack. In addition, we modify the concept of a system accident developed in the work of Charles Perrow [1]. We identify some system failures in building pseudo-random number generators and offer some suggestions to help develop PRNGs and other code more securely.
Similar resources
An Exegetic Study of the Verse 35 of the Chapter Sad with an Answer to the Objection against Solomon's Prayer
Solomon, the prophet, (a) called upon the Almighty God for a unique government, as stated in the verse 35 of Sad: "He said: My Lord! Forgive me and bestow on me sovereignty such shall not belong to any after me." The Almighty God granted him a unique government. Here an objection rises in the mind: why did the prophet call upon God for such a government that no one may have after him? Isn't it a ...
Hardware Implementation of Dynamic S-BOX to Use in AES Cryptosystem
One of the major symmetric cipher algorithms is AES. Its main feature is the use of the S-BOX step, which is the only non-linear part of this standard and has a fixed structure. During previous studies, it was shown that AES standard security was increased by changing the design concepts of the S-BOX and producing a dynamic S-BOX. In this paper, a change of AES standard security is studied by produc...
A Survey of the Raised Objections of the Commentaries of the Verses 31 to 35 of Surah Sad, with an Emphasis on Genealogy and Paleontology
Doubts related to the interpretation of offering delayed prayers not said at the proper time, trials, greed and miserliness in the government about the Prophet Sulayman (as) in the interpretation of verses 31 to 35 of Surah Sad and the commentary narrative related to them, with regard to general and particular principles respectively of all prophets and especially of Suleiman (as) such as: infallibi...
Effects of dietary lead acetate and aluminosilicates on the antioxidative defense system of broilers’ muscle tissues
The objective of this study was to evaluate the effect of dietary supplements with lead acetate and aluminosilicates (ATN) on antioxidative enzyme activities and lipid peroxidation of the heart and skeletal muscle tissues of broiler chickens. Broilers were allotted to four diets including the control group, the Pb group, the aluminosilicate-ATN (antitoxic nutrient) group and the Pb+ATN group, i...
Investigation of Some Attacks on GAGE (v1), InGAGE (v1), (v1.03), and CiliPadi (v1) Variants
In this paper, we present some attacks on GAGE, InGAGE, and CiliPadi, which are candidates of the first round of the NIST-LWC competition. GAGE and InGAGE are a lightweight sponge-based hash function and Authenticated Encryption with Associated Data (AEAD) scheme, respectively, and support different sets of parameters. The lengths of the hash, key, and tag are always 256, 128, and 128 bits, respec...