[Cryptography] What's a Plausible Attack On Random Number Generation?

Sandy Harris sandyinchina at gmail.com
Fri Nov 1 14:25:39 EDT 2013


ianG <iang at iang.org> wrote:

> Good point.  The only RNG attack I can think of off-hand for which we have
> reasonable evidence is the Android Bitcoin theft [0].  Very recent.  Any
> others?

http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html

> It would seem that attacking the RNG is rather esoteric.

Perhaps, but we also know that many (I think nearly all)
crypto protocols rely on random numbers, so many that
are otherwise thought secure fail if the RNG does.

PGP generates a random key for each message. Use
a sufficiently bad RNG and PGP is easily breakable.
Use one with any weakness at all that the attacker
knows about and an attack on the block cipher is
cheaper than it should be.

The Diffie-Hellman key negotiation protocol used
in IPsec and other things requires that each player
generate a random number. It can be broken if
either RNG is weak.

There are other examples. The problem is not so
much that RNG attacks are known to be widespread
as that, if they do occur, they can be very serious.
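Added example, not part of Sandy Harris's post or anything else in the thread: a toy Diffie-Hellman exchange in Python that shows the Diffie-Hellman point above concretely. One party draws its private exponent from a generator whose entire state is a 16-bit seed (a constructed stand-in for a weak RNG), the other from the OS CSPRNG. A passive eavesdropper who sees only the two public values replays every possible seed, finds the one that reproduces the weak party's public value, and derives the shared secret. The group parameters (p = 2^31 - 1, g = 7), the function names and the seed size are my own choices for illustration and are far too small for real use.

```python
"""Toy Diffie-Hellman: the exchange is only as strong as the weaker RNG.

Constructed illustration, not code from the mailing-list post.  The
group is tiny on purpose; the weak generator models an RNG whose whole
state is a 16-bit seed (say, a coarse timestamp).
"""
import random
import secrets
from typing import Optional

# Toy group: p = 2**31 - 1 is prime and 7 generates the full group.
# Real deployments use groups of 2048 bits or more.
P = 2**31 - 1
G = 7
SEED_BITS = 16  # entropy that actually feeds the weak generator


def weak_private_exponent(seed: int) -> int:
    """Private exponent from a PRNG seeded with only 16 bits.

    The value looks like a 30-bit number, but at most 2**16 distinct
    values can ever come out: the generator's state space is the seed.
    """
    return 1 + random.Random(seed & (2**SEED_BITS - 1)).getrandbits(30)


def strong_private_exponent() -> int:
    """Private exponent from the OS CSPRNG: full range, unpredictable."""
    return 1 + secrets.randbelow(P - 2)


def dh_public(private: int) -> int:
    """Public value g^x mod p."""
    return pow(G, private, P)


def dh_shared(peer_public: int, private: int) -> int:
    """Shared secret (peer's public value)^x mod p."""
    return pow(peer_public, private, P)


def eavesdropper_recover(A: int, B: int) -> Optional[int]:
    """Passive observer who knows only the public values A and B.

    If A was produced with the 16-bit-seeded generator, replaying every
    seed finds the exponent behind A, after which the shared secret is
    computed exactly as that party computes it.  Returns None when no
    seed reproduces A, i.e. the exponent did not come from that RNG.
    """
    for seed in range(2**SEED_BITS):
        candidate = weak_private_exponent(seed)
        if dh_public(candidate) == A:
            return dh_shared(B, candidate)
    return None


def demo(alice_seed: int = 0xBEEF) -> dict:
    """Run the exchange twice: Alice on the weak RNG, then on the strong one."""
    # Alice's exponent comes from the weak generator, Bob's from the OS CSPRNG.
    a = weak_private_exponent(alice_seed)
    b = strong_private_exponent()
    A, B = dh_public(a), dh_public(b)
    agreed = dh_shared(B, a)
    assert agreed == dh_shared(A, b)  # both parties reach the same secret
    recovered = eavesdropper_recover(A, B)

    # Same protocol, but Alice now uses the OS CSPRNG as well.
    a2 = strong_private_exponent()
    A2 = dh_public(a2)
    recovered2 = eavesdropper_recover(A2, B)

    return {
        "weak_rng_secret_recovered": recovered == agreed,
        "strong_rng_secret_recovered": recovered2 is not None,
    }


if __name__ == "__main__":
    print(demo())  # weak RNG: secret recovered; strong RNG: nothing found
```

Nothing about the protocol changed between the two runs; the only difference is where the private exponent's entropy came from, which is why a review of a DH (or PGP session-key) implementation should trace the RNG feeding the secret values back to its seed sources rather than stopping at the arithmetic.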

