Random number generation

# Security in Computing (3rd Edition)


CS 161 Computer Security, Fall 2005, Joseph/Tygar/Vazirani/Wagner, Notes 21

"Anyone who uses software to produce random numbers is in a state of sin." —John von Neumann

"The generation of random numbers is too important to be left to chance." —Robert R. Coveyou

## Random Number Generation

Many cryptographic protocols require the parties to generate random numbers. For instance, cryptographic keys have to be generated in a way that makes them unpredictable to anyone other than the authorized creator of the key. How should we generate these random numbers? In this lecture, you will learn two things: how to generate truly random bits, and cryptographic methods to stretch a little bit of true randomness into a large stream of pseudorandom values that are indistinguishable from true random bits.

## 1 What Can Go Wrong

It turns out that random number generation is very easy to get wrong. For instance, what is wrong with the following code?

```c
unsigned char key[16];
srand(time(NULL));
for (i=0; i<16; i++)
    key[i] = rand() & 0xFF;
```

There are all sorts of problems with this code. Can you spot any of them?

In case you are not familiar with the rand() function, here is a quick refresher. These are the function prototypes:

```c
int rand(void);
void srand(unsigned int seed);
time_t time(time_t *t);
```

Each call to rand() returns a pseudorandom value in the range 0 to RAND_MAX, calculated as a deterministic function of the seed. Also, srand(s) sets the seed to s. For instance, here is one possible implementation of rand() and srand():


```c
static unsigned int next = 0;

void srand(unsigned int seed)
{
    next = seed;
}

/* RAND_MAX assumed to be 32767 */
int rand(void)
{
    next = next * 1103515245 + 12345;
    return next % 32768;
}
```

Finally, time(NULL) returns the current time, measured as the number of seconds since Jan 1, 1970.

With that background, here are two of the security holes in the code snippet listed previously:

• It is easy to guess the value of the key. The seed is highly predictable, and anyone who can guess the seed can calculate the value of the cryptographic key. The algorithm that rand() uses for computing its outputs as a function of the seed is publicly known. Consequently, anyone who can guess the time at which the key was generated can apply the very same algorithm to infer each of the bytes of the key. For instance, if Alice generates a new session key at the start of each session using this code, then anyone who eavesdrops on a session will probably be able to determine the time of day on Alice's machine at the start of the session (and hence the seed passed to srand()) and then decrypt everything that is encrypted using this session key. Even if the eavesdropper doesn't know at what time the key was generated, there just aren't that many possibilities. For instance, suppose we know the key was generated this year. There are 3600 × 24 × 365 = 31,536,000 ≈ 2^25 seconds in a year. This means that, if I can narrow down when the key was generated to within a one-year window, then there are only about 2^25 possible values for the seed passed to srand(). Of course, it is not hard to try each one of them, and see which key would
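The seed-guessing attack described above, carried out end to end as an added example (this code is not from the CS 161 notes). It reuses the notes' reference rand()/srand() under the names lcg_rand/lcg_srand so the result does not depend on the platform's C library; the victim's timestamp, the HTTP request and the XOR "cipher" are constructed stand-ins (assumptions), chosen only so the eavesdropper has a known-plaintext check for each candidate key. The example also goes one step beyond the text: because key[i] is the low byte of the LCG state, and (a*x + c) mod 2^32 reduced mod 256 depends only on x mod 256, the reference implementation can produce at most 256 distinct keys whatever the seed; keys_collide_mod_256() checks that seed and seed+256 yield the same key.

```c
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16

/* The reference rand()/srand() from the notes (RAND_MAX = 32767), renamed
 * so this file does not collide with the C library's own versions. */
static unsigned int lcg_next = 0;

static void lcg_srand(unsigned int seed) { lcg_next = seed; }

static int lcg_rand(void) {
    lcg_next = lcg_next * 1103515245u + 12345u;
    return (int)(lcg_next % 32768u);
}

/* The vulnerable key generation from the notes, with the seed passed in
 * explicitly instead of time(NULL) so the attacker can replay it. */
void weak_keygen(unsigned int seed, unsigned char key[KEY_LEN]) {
    lcg_srand(seed);
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(lcg_rand() & 0xFF);
}

/* Stand-in for the session cipher (assumption): XOR with the key. The real
 * cipher does not matter; the attacker only needs some way to test whether
 * a candidate key decrypts the observed ciphertext sensibly. */
void xor_crypt(const unsigned char key[KEY_LEN], const unsigned char *in,
               unsigned char *out, size_t n) {
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ key[i % KEY_LEN];
}

/* Eavesdropper: given ciphertext whose first prefix_len plaintext bytes are
 * known (a protocol header) and a window [t_lo, t_hi] in which the key was
 * generated, replay weak_keygen() for every second in the window and keep
 * the first key that decrypts the header. Returns 1 on success. */
int recover_seed(const unsigned char *ct, size_t ct_len,
                 const unsigned char *known_prefix, size_t prefix_len,
                 unsigned int t_lo, unsigned int t_hi,
                 unsigned int *out_seed, unsigned char out_key[KEY_LEN]) {
    unsigned char cand[KEY_LEN], pt[KEY_LEN];
    if (prefix_len > KEY_LEN || prefix_len > ct_len || t_lo > t_hi)
        return 0;
    for (unsigned int t = t_lo; ; t++) {
        weak_keygen(t, cand);
        xor_crypt(cand, ct, pt, prefix_len);
        if (memcmp(pt, known_prefix, prefix_len) == 0) {
            *out_seed = t;
            memcpy(out_key, cand, KEY_LEN);
            return 1;
        }
        if (t == t_hi)      /* tested after the try so t_hi itself is covered */
            break;
    }
    return 0;
}

/* A further weakness of this rand(): key[i] is the low byte of the LCG
 * state, and (a*x + c) mod 256 depends only on x mod 256, so the whole
 * 16-byte key is a function of seed mod 256. At most 256 keys exist. */
int keys_collide_mod_256(unsigned int seed) {
    unsigned char a[KEY_LEN], b[KEY_LEN];
    weak_keygen(seed, a);
    weak_keygen(seed + 256u, b);
    return memcmp(a, b, KEY_LEN) == 0;
}

/* Worked scenario on constructed data: the victim keys a session at a 2005
 * timestamp and sends an HTTP request; the attacker, knowing only that it
 * happened within a day of that time, recovers the key. Returns 1 on success. */
int demo_attack_recovers_key(void) {
    const unsigned int victim_time = 1130000000u;   /* constructed timestamp */
    const unsigned char msg[] = "GET /index.html HTTP/1.1";
    const size_t n = sizeof msg - 1;
    unsigned char key[KEY_LEN], ct[sizeof msg], found_key[KEY_LEN];
    unsigned int found_seed;

    weak_keygen(victim_time, key);
    xor_crypt(key, msg, ct, n);

    if (!recover_seed(ct, n, (const unsigned char *)"GET /", 5,
                      victim_time - 86400u, victim_time + 86400u,
                      &found_seed, found_key))
        return 0;
    /* found_seed may differ from victim_time by a multiple of 256 (see
     * keys_collide_mod_256), but the key is the victim's key either way. */
    return memcmp(found_key, key, KEY_LEN) == 0
        && found_seed % 256u == victim_time % 256u;
}

int main(void) {
    printf("attack %s\n", demo_attack_recovers_key() ? "recovered the key" : "failed");
    printf("seeds s and s+256 give the same key: %s\n",
           keys_collide_mod_256(12345u) ? "yes" : "no");
    return 0;
}
```

The one-day window is 172,801 candidate seeds, each costing sixteen LCG steps, so the search finishes in a fraction of a second; the one-year window from the text (about 2^25 seeds) is only a few hundred times more work. Note that the seed the search returns is the first in the window that reproduces the key, not necessarily the victim's clock value, which is exactly the mod-256 collapse that keys_collide_mod_256() exhibits.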