Questions tagged [random]

The generation of random or pseudorandom data, and the use of randomness in security protocols

Use this tag for questions about (pseudo)-random number generation and the use of random numbers and random data in security protocols.

390 questions
40
votes
4 answers

Is generating random numbers using a smartphone camera a good idea?

Forgive my ignorance on the subject, but I wish to know more, and asking (stupid) questions is one way. I was reading http://www.random.org/randomness/ and this idea popped into my head (before the bit about lava-lamps). Considering the…
ian
24
votes
7 answers

Are humans a strong or weak RNG?

Thomas Pornin has stated in the past on multiple occasions (I'm not going to source them, he can argue with me if he wants) that humans are bad RNGs. While I agree that human RNG for password generation in the mind is abysmal usually, I wanted to…
Naftuli Kay
19
votes
3 answers

Does (online) poker require cryptographically secure randomness?

Here’s a quote from a reddit discussion: … for poker [a cryptographically secure RNG] is completely unnecessary. If you have an appropriate unpredictable seed, and you are throwing away a lot of the randomness, MT is perfectly safe. I’d normally…
Konrad Rudolph
18
votes
4 answers

How insecure are non-cryptographic random number generators?

I always hear that C rand() is not secure, but how many calls would you need to know in order to predict the next value (or at least cut down the possibilities)? Would they have to be sequential? If there isn't good information about rand() I…
user11101
12
votes
2 answers

Can the xor of two RNG outputs ever be less secure than one of them?

Suppose I'm suspicious that one or more (pseudo)-random number generators is cryptographically flawed, perhaps even deliberately backdoored. The RNGs in this case might be either PRNG algorithms, hardware random number generators, or some…
eldentyrell
12
votes
3 answers

Is a concatenation of random numbers better than a single random number?

We are generating random numbers 16 digits in length. One option that was put forward was to generate four random numbers of 4 digits each and concatenate them instead of just generating a single 16 digit random number. The reason accompanying the…
topher
10
votes
3 answers

Is it worth augmenting /dev/random entropy in software?

Modern Linux systems, especially headless virtuals, often have shallow /dev/random entropy pools, which can cause software to block or fail to run (e.g. Tripwire in FIPS mode). While many agree /dev/urandom is preferred, many packages simply default…
gowenfawr
8
votes
3 answers

Would it be secure to generate random number using AES?

I know that there are already tools out there to generate cryptographic random numbers, but I was wondering if using AES could do the same. For example, I have a secret key for AES on my server and a counter in my database. Each time I want to…
Gudradain
6
votes
1 answer

Difference between pseudorandom generator and pseudorandom function

Is there a difference between a pseudorandom generator (PRG) and a pseudorandom function (PRF)? I read a lot about those things; for example, it is possible to build a PRG from PRFs. But I think there is a difference between those two terms.
chris000r
5
votes
1 answer

Security Implications of Caching Randomness

Is it a bad idea to cache randomness in the general case? My feeling is yes, but I'm having a hard time articulating why. Scenario: A programming language of your choice (e.g. node) uses a native call to generate random bytes (e.g. for creating a…
vincent
4
votes
2 answers

Is Jericho Comms TRNG reliable?

I'm looking for a method to generate true random bits/numbers on smartphones. Creating a custom TRNG seems to be tricky and a lot of people suggest trusting already existing ones, widely tested and approved. But I've found Jericho Comms, that uses…
3
votes
1 answer

Law of Large Numbers vs. OpenSSL RAND_bytes

I have a system where tens of thousands of users log in whenever they like and my server has to assign them to one of many databases. I would like to distribute the users evenly amongst the databases. I was thinking of using one of two methods, and…
Max
3
votes
1 answer

Tools and methods for analyzing RNGs

What are the common tools and methods used for analyzing and attacking Random Number Generators? I know what characteristics make a good RNG and what a good RNG should do, but I do not know how to analyze an RNG when I treat it like a black box.
user11869
3
votes
1 answer

Skewed Randomness

According to random.org, "Any source of true randomness may contain skew towards 0 or 1 in the data". I am a bit confused about what this exactly means and why this "skew" is present in all "true random" data. Does this skew risk the integrity of…
Daniel
2
votes
1 answer

-bash: -sudo: command not found

Some dependencies were missing when I installed THC Hydra. I found this site which directs me to install the missing package: sudo apt-get install libsvn-dev libapr1-dev libaprutil1-dev But when I try this, I receive the following error…
thisisjnd