Introduction
In this post you can find an implementation of Diffie-Hellman protocol as well as a brute-force attack against it, which try to recover a private key.
Tuesday 16 September 2014
Friday 12 September 2014
Effects of inadequate randomness in information security
If I were in charge of weakening cryptosystems in the real world, the first thing I would target is random number generators.
Bruce Schneier [1]
When we talk about cryptosystems, one of the first things we need to think is: "random numbers". Because in these kind of systems, random numbers are necessary.
Usually in this area, randomness is used to generate session keys, encryption keys (for example: One time pad requires random keys), to generate primes numbers, etc. We must ensure quality of each key, it needs to have the characteristics of a succession of random numbers, because the quality of system depends in a part of the quality of the key.
If we have a simple generator of pseudorandom numbers ( simple, in this case, it means it will be able to break easily), it will be able to become in the "Achilles' heel" in our cryptosystems.
Usually in this area, randomness is used to generate session keys, encryption keys (for example: One time pad requires random keys), to generate primes numbers, etc. We must ensure quality of each key, it needs to have the characteristics of a succession of random numbers, because the quality of system depends in a part of the quality of the key.
If we have a simple generator of pseudorandom numbers ( simple, in this case, it means it will be able to break easily), it will be able to become in the "Achilles' heel" in our cryptosystems.
Subscribe to:
Posts (Atom)