We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

How do we know our PRNGs work properly?

Formal Metadata

Title
How do we know our PRNGs work properly?
Title of Series
Number of Parts
147
Author
License
CC Attribution 4.0 International:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Pseudo-random number generators (PRNGs) are critical pieces of security infrastructure. Yet, PRNGs are surprisingly difficult to design, implement, and debug. The PRNG vulnerability that we recently found in GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several expert audits. In this presentation, we not only describe the details of the flaw but, based on our research, explain why the current state of PRNG implementation and quality assurance downright provokes incidents. We also present a PRNG analysis method that we developed and give specific recommendations to implementors of software producing or consuming pseudo-random numbers to ensure correctness.
Keywords