Security in Computing (3rd Edition)

CS 161 Computer Security
Fall 2005 Joseph/Tygar/Vazirani/Wagner Notes 21

“Anyone who uses software to produce random numbers is in a state of sin.” —John von Neumann

“The generation of random numbers is too important to be left to chance.” —Robert R. Coveyou

Random Number Generation

Many cryptographic protocols require the parties to generate random numbers. For instance, cryptographic keys have to be generated in a way that makes them unpredictable to anyone other than the authorized creator of the key. How should we generate these random numbers? In this lecture, you will learn two things: how to generate truly random bits; and cryptographic methods to stretch a little bit of true randomness into a large stream of pseudorandom values that are indistinguishable from true random bits.

1 What Can Go Wrong

It turns out that random number generation is very easy to get wrong. For instance, what is wrong with the following code?

    unsigned char key[16];
    srand(time(NULL));
    for (i=0; i<16; i++)
        key[i] = rand() & 0xFF;

There are all sorts of problems with this code. Can you spot any of them?

In case you are not familiar with the rand() function, here is a quick refresher. Here are the relevant function prototypes:

    int rand(void);
    void srand(unsigned int seed);
    time_t time(time_t *t);

Each call to rand() returns a pseudorandom value in the range 0 to RAND_MAX, calculated as a deterministic function of the seed. Also, srand(s) sets the seed to s. For instance, here is one possible implementation of rand() and srand():
    static unsigned int next = 0;

    void srand(unsigned int seed) {
        next = seed;
    }

    /* RAND_MAX assumed to be 32767 */
    int rand(void) {
        next = next * 1103515245 + 12345;
        return next % 32768;
    }

Finally, time(NULL) returns the current time, as measured by the number of seconds since Jan 1, 1970.

With that background, here are two of the security holes in the code snippet listed previously:

• It is easy to guess the value of the key. The seed is highly predictable, and anyone who can guess the seed can calculate the value of the cryptographic key.

The algorithm that rand() uses for computing its outputs as a function of the seed is publicly known. Consequently, anyone who guesses the time at which the key was generated can apply the very same algorithm to infer each of the bytes of the key. For instance, if Alice generates a new session key at the start of each session using this code, then anyone who eavesdrops on a session will probably be able to determine the time of day on Alice’s machine at the start of the session (and hence the seed passed to srand()) and then decrypt everything that is encrypted using this session key.

Even if the eavesdropper doesn’t know at what time the key was generated, there just aren’t that many possibilities. For instance, suppose we know the key was generated this year. There are 3600 × 24 × 365 = 31,536,000 ≈ 2^25 seconds in a year. This means that, if I can narrow down when the key was generated to within a one-year window, then there are only 2^25 possible values for the seed passed to srand(). Of course, it is not hard to try each one of them, and see which key would
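The seed search over a one-year window, written out as an added example that is not part of the original notes. It reuses the notes' sample rand() with explicit 32-bit state; the names sample_rand, weak_keygen and guesses_to_match and both timestamps are constructed for illustration, and the direct comparison against the key is an assumption standing in for whatever test tells a right guess from a wrong one.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 16

/* The notes' sample rand(), with its state passed explicitly and fixed at
   32 bits (assumption: unsigned int is 32 bits, as on common platforms). */
static uint32_t sample_rand(uint32_t *state) {
    *state = *state * 1103515245u + 12345u;
    return *state % 32768u;
}

/* Same steps as the flawed snippet: srand(seed), then 16 times rand() & 0xFF. */
void weak_keygen(uint32_t seed, unsigned char key[KEY_LEN]) {
    uint32_t state = seed;
    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (unsigned char)(sample_rand(&state) & 0xFF);
}

/* Try each second in [start, end] as the seed. On the first seed that
   reproduces key, store it in *seed_out and return how many candidates
   were tried; return 0 if no seed in the window reproduces the key. */
uint32_t guesses_to_match(const unsigned char key[KEY_LEN],
                          uint32_t start, uint32_t end, uint32_t *seed_out) {
    unsigned char guess[KEY_LEN];
    for (uint32_t s = start, tried = 1; ; s++, tried++) {
        weak_keygen(s, guess);
        if (memcmp(guess, key, KEY_LEN) == 0) { *seed_out = s; return tried; }
        if (s == end) return 0;
    }
}

int main(void) {
    /* Constructed values: the window starts at 2005-01-01 00:00:00 UTC and
       the key was generated at some second inside that year. */
    const uint32_t year_start = 1104537600u, secret = 1130000123u;
    unsigned char key[KEY_LEN];
    uint32_t hit = 0;
    weak_keygen(secret, key);
    uint32_t n = guesses_to_match(key, year_start,
                                  year_start + 31536000u - 1, &hit);
    printf("seed %u reproduces the key after %u guesses (true seed %u)\n",
           (unsigned)hit, (unsigned)n, (unsigned)secret);
    return 0;
}
```

With this sample rand(), the low byte of each output depends only on the low byte of the state, so the search stops after 252 guesses at a different seed that yields the same key. The sample generator can therefore produce only 256 distinct keys, far fewer than the 2^25 seeds in the window.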