Questions tagged [random]
The generation of random or pseudorandom data, and the use of randomness in security protocols
399 questions
0
votes
0
answers
7
views
Gathering entropy at different times using a cycle counter [migrated]
For non-cryptographic purposes (which use a HWRNG instead), I implemented into a bare metal program a Xorshift* RNG (Taken from [1], see below for implementation).
The RNG is currently seeded with the ...
- 101
12
votes
3
answers
3k
views
Why shred before LUKS disk encryption?
I read the following article and it says to "Stuff random data to the device" (using shred) before encrypting with LUKS.
How to enable LUKS disk encryption with keyfile on Linux
Why would ...
- 121
1
vote
0
answers
275
views
What was the "random" number Sony used for the PS3?
I've read that fail0verflow was able to hack the PS3 because Sony used a static number for the random number generator.
I'm just really curious, what number was used? 42? 4? 7669773?
Please note that ...
- 111
11
votes
3
answers
2k
views
Why might RDRAND not be safe to use when the rest of the system is?
In Linux, the RDRAND instruction is used, but taken with a grain of salt, in that it is used as only one of several sources of entropy for a CSPRNG. It is used in this way over concerns that the ...
- 1,400
1
vote
0
answers
55
views
Usage of Mt_Rand in PHP
I am creating an exericse for my users, where I am trying to tell them that using mt_rand() is not a good option from security point of view. What I did is that I showed them a normal user who gets a ...
- 343
0
votes
2
answers
138
views
Is PHP's mt_rand function insecure on every platform?
I was going through this article, https://www.ambionics.io/blog/php-mt-rand-prediction, which claims that if we use mt_rand(), we can get the seed value using two values instead of brute forcing.
In ...
- 343
0
votes
0
answers
38
views
exfiltred .rnd file exploitation
Context
During a CTF, as www-data, I managed to exfiltrate an .rnd file used by phpseclib on a PHP app (I exfiltrated the entire app). Since SSHD is configured with PubkeyAuthentication yes and ...
- 111
0
votes
1
answer
218
views
Predicting math.random after math.floor
I know math.random() in javascript can be predicted if you know the exact outputs of it, but if I only know what it gives after doing math.floor(100 / (1.0001 - Math.random())), how would I use this ...
1
vote
0
answers
25
views
Is it ok to use NativePRNGNonBlocking SecureRandom for making jwt? [duplicate]
I'm developing jwt auth feature with Spring WebFlux. And, I found the blocking calls in jjwt library by using BlockHound.
The reason of blocking calls was SecureRandom use /dev/random to make random ...
- 11
15
votes
4
answers
6k
views
Security of a non-random password but that relies on information an attacker cannot possibly know
I am trying to figure out whether a non-random password that relies on information an attacker cannot possibly know can be secure.
To give an example, let’s say that I generate my password by putting ...
- 569
0
votes
0
answers
50
views
What is a secure way to create a random number in Typescript? [duplicate]
I want to create a function that returns a random number in a given range, what is a secure way of doing that?
- 73
-1
votes
1
answer
116
views
Is encoding random with module insecure? [closed]
The ID library Nano ID claims that modulo based encoding (e.g. Base64) would lead to uneven distribution in the output:
Uniformity. random % alphabet is a popular mistake to make when coding an ID ...
- 99
0
votes
2
answers
2k
views
Can UUID v7 be treated as a unguessable, opaque identifier?
RFC4122bis specifies UUID v7, a version which contains 74 bits of randomness.
Assuming I use a CSPRNG to generate the random bits: Are these UUIDs considered to be unguessable and are enough to ...
- 115
0
votes
0
answers
27
views
Any idea on how this 36 character long string generated? [duplicate]
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3", I have checked some hash functions but cannot make sure how this generated? Is this just random string generated with [a-zA-z0-9]?...
- 101
1
vote
1
answer
242
views
Which algorithm does CryptGenRandom use on my laptop?
I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. To generate random numbers, I use the CryptGenRandom function. ...
- 113