Re: [LUG] RSA what?

On Fri, 20 Sep 2013, Simon Waters wrote:

> From memory I think this is one hardly anyone uses because it was known not to be good.
>
> Google around, to check my recollection. But I think Microsoft researchers spotted issues within 18 months.

Ah, yes, if the question was about Dual_EC_DRBG, the NIST crypto standard with an NSA backdoor, in general then yes, it is being implemented in OpenSSL-FIPS. I don't know enough about OpenSSL to say where people use this library, but in an earlier blog post Matthew Green explains that "quite a few people" use it:

http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html

> Pseudo Random number generators and crypto systems can be assessed statistically by people with minimal crypto skills. Since the output must look random, there are set tests that must be passed. Since cryptanalysis typically relies on these statistical weaknesses existing, their presence is a red flag. Of course it is still possible to have a weak crypto system or PRNG that generates output that passes all these tests, but it would be very hard to engineer deliberately I suspect.

I'm not sure if it's that hard. I'm also not sure if PRNGs are that easy to verify statistically. Sure, if the "PRNG" simply produces more zeros than ones, that's easy to spot using some basic statistics. But (pseudo) randomness isn't just about this - it shouldn't be predictable in any way. That's where I believe a lot of buggy PRNGs fail.

(Using unixtime as a seed for a deterministic algorithm, for instance, will likely generate numbers that pass all the basic statistical tests, but are by nature extremely predictable.)

Martijn.
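An added illustration of the point made in the reply above (this is editor-supplied example code, not part of the original thread or of any project discussed in it). It seeds Python's Mersenne Twister with a unix timestamp, runs the simplest statistical check (the frequency or "monobit" test, which a fair generator passes about 95% of the time), and then shows why passing it says nothing about predictability: the same seed reproduces the identical stream, and a seed known to lie within a day carries only about 16 bits of entropy. The timestamp, window sizes and stream lengths are constructed values chosen for the example; `secrets.token_bytes` is shown as the generator a program should use when it needs unpredictable output.

```python
import math
import random
import secrets


def monobit_z(bits: str) -> float:
    """Frequency (monobit) statistic: |ones - zeros| / sqrt(n).
    A fair coin stays below ~1.96 about 95% of the time, so a stream with a
    small value "looks random" to the most basic check."""
    ones = bits.count("1")
    zeros = len(bits) - ones
    return abs(ones - zeros) / math.sqrt(len(bits))


def passes_monobit(bits: str, threshold: float = 1.96) -> bool:
    return monobit_z(bits) < threshold


def time_seeded_stream(seed: int, n_bits: int) -> str:
    """Deterministic stream from a PRNG seeded with a unix timestamp.
    Constructed for illustration: a real program would do the same with
    random.seed(int(time.time()))."""
    rng = random.Random(seed)
    return "".join(str(rng.getrandbits(1)) for _ in range(n_bits))


def is_reproducible(seed: int, n_bits: int) -> bool:
    """Two generators given the same seed emit identical bits: the output is
    fully determined by the seed, however random it looks statistically."""
    return time_seeded_stream(seed, n_bits) == time_seeded_stream(seed, n_bits)


def seed_entropy_bits(window_seconds: int) -> float:
    """Entropy of a unix-time seed known to lie within a window of this length
    (all seconds in the window assumed equally likely)."""
    return math.log2(window_seconds)


def csprng_stream(n_bits: int) -> str:
    """OS-backed CSPRNG: the program supplies no seed, so there is no small
    seed space for the output to be reconstructed from."""
    n_bytes = (n_bits + 7) // 8
    data = int.from_bytes(secrets.token_bytes(n_bytes), "big")
    return format(data, f"0{n_bytes * 8}b")[:n_bits]


if __name__ == "__main__":
    SEED = 1379635200  # constructed: a unix timestamp from September 2013
    stream = time_seeded_stream(SEED, 10_000)
    print("monobit z-statistic:", round(monobit_z(stream), 3),
          "passes:", passes_monobit(stream))
    print("same seed reproduces stream:", is_reproducible(SEED, 10_000))
    print("entropy of a seed within one day:",
          round(seed_entropy_bits(86_400), 1), "bits")
    print("CSPRNG stream also passes:", passes_monobit(csprng_stream(10_000)))
```

The monobit check is deliberately the weakest test in the NIST-style batteries; the contrast to draw is that both streams pass it, yet one is a pure function of a roughly 16-bit seed while the other has no program-chosen seed at all.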

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq