O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Rng keep your key save

404 visualizações

Publicada em

Why a secure Random Number generator is critical to keep keys safe?
What pseudo random number generator does is turn a small ‘seed’ of proper random data into a constant stream of random numbers, which enables you to get such a number with arbitrarily high entropy?
A high entropy means the attacker will know very little about the random numbers the system generates. By very little what I really mean here is an attacker can only guess. Guessing correctly is nearly impossible.
Without randomness it is quite possible to predict the outcome:
Randomness is an essential part of any crypto system.

Publicada em: Tecnologia
  • Entre para ver os comentários

  • Seja a primeira pessoa a gostar disto

Rng keep your key save

  1. 1. Only true random number generation can keep your key safe How the NSA circumvented what was thought to be an unbeatable cryptographic algorithm Blog: https://hsm.utimaco.com/news/
  2. 2. The value of true random numbers in a cryptographic system RNG Key Generation Algorithm True random number seeds are an essential.
  3. 3. The Dual-EC-DRBG Pseudo random number generator scheme described in NIST SP 800-90; 2006 The weakness: Dual_EC_DRBG appears to contain a backdoor Certified DUAL-EC-DRBG: http://csrc.nist.gov/groups/STM/cavp/document s/drbg/drbgval.html
  4. 4. How does it work? Start on P, walk on the curve and after e steps you find Q Considering this large curve parameter, it will take a huge number of steps to compute e If P and Q are known + considering the curve parameter, which is given, and e is the well known secret then its easy to figure basic of a RNG: R= prime number P,Q = Integer value <R s= state of the random number generator s’= the next star of the random number gen. t= random number e=the well known secret r=Ps (mod R) s’=Pr (mod R) t=Qr (mod R) e= the secret P= Qe (mod R) te=(Qr)e=Qr*e=(Qe)r=Pr=s’
  5. 5. A random number with very few surprises In 2007, Dan Shumow and Niels Ferguson, two researchers showed that, if you know e, cracking the pseudorandom number generation becomes considerably easier. Consequently there was an update of the standard by NIST 2007 If you want to be FIPS 140 certified: You have to use the given P/Q
  6. 6. Key findings The Answer: CryptoServer Hardware Security Modules made in Germany •True Random Number Generator •Switch-Over to strong German certified RNG •No crypto-chip with the possibility of backdoors
  7. 7. Learn more about - Remote Administration - Software Development - Performance - The new CSe Series Blog: community.utimaco-service.com

×