Forgive my ignorance on the subject, but I wish to know more and asking (stupid) questions is one way. I was reading http://www.random.org/randomness/ and this idea popped into my head (before the bit about lava-lamps).
Considering the…
Thomas Pornin has stated in the past on multiple occasions (I'm not going to source them, he can argue with me if he wants) that humans are bad RNGs.
While I agree that human RNG for password generation in the mind is abysmal usually, I wanted to…
Here’s a quote from a reddit discussion:
… for poker [a cryptographically secure RNG] is completely unnecessary.
If you have an appropriate unpredictable seed, and you are throwing away a lot of the randomness, MT is perfectly safe.
I’d normally…
I always hear that C rand() is not secure, but how many calls would you need to know in order to predict the next value (or at least cut down the possibilities)? Would they have to be sequential? If there isn't good information about rand() I…
Suppose I'm suspicious that one or more (pseudo)-random number generators is cryptographically flawed, perhaps even deliberately backdoored. The RNGs in this case might be either PRNG algorithms, hardware random number generators, or some…
We are generating random numbers 16 digits in length. One option that was put forward was to generate four random numbers of 4 digits each and concatenate them instead of just generating a single 16 digit random number. The reason accompanying the…
Modern Linux systems, especially headless virtuals, often have shallow /dev/random entropy pools, which can cause software to block or fail to run (e.g. Tripwire in FIPS mode).
While many agree /dev/urandom is preferred, many packages simply default…
I know that there are already tools out there to generate cryptographic random number, but I was wondering if using AES could do the same.
For example, I have a secret key for AES on my server and a counter in my database. Each time I want to…
Is there a difference between a pseudorandom generator (PRG) and a pseudorandom function (PRF)? I read a lot about those things, for example it is possible to build a PRG from PRFs. But I think there is a difference between those two terms.
Is it a bad idea to cache randomness in the general case? My feeling is yes, but I'm having a hard time articulating why.
Scenario:
A programming language of your choice (e.g. node) uses a native call to generate random bytes (e.g. for creating a…
I'm looking for a method to generate true random bits/numbers on smartphones.
Creating a custom TRNG seems to be tricky and a lot of people suggest to trust in already existing ones, widely tested and approved. But I've found Jericho Comms, that uses…
I have a system where tens of thousands of users log in whenever they like and my server has to assign them to one of many databases. I would like to distribute the users evenly amongst the databases. I was thinking of using one of two methods, and…
What are the common tools and methods used for analyzing and attacking Random Number Generators?
I know what characteristics make a good RNG and what a good RNG should do but I do not know how to analyze an RNG when I treat it like a black-box.
According to random.org,
Any source of true randomness may contain skew towards 0 or 1 in the data
I am a bit confused about what this exactly means and why this "skew" is present in all "true random" data. Does this skew risk the integrity of…
Some dependencies were missing when I installed THC Hydra. I found this site which directs me to install the missing package:
sudo apt-get install libsvn-dev libapr1-dev libaprutil1-dev
But when I try this, I receive the following error…