All Questions
Tagged with random cryptography
96 questions
1
vote
0
answers
275
views
What was the "random" number Sony used for the PS3?
I've read that fail0verflow was able to hack the PS3 because Sony used a static number for the random number generator.
I'm just really curious, what number was used? 42? 4? 7669773?
Please note that ...
- 111
0
votes
0
answers
27
views
Any idea on how this 36 character long string generated? [duplicate]
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3", I have checked some hash functions but cannot make sure how this generated? Is this just random string generated with [a-zA-z0-9]?...
- 101
1
vote
1
answer
242
views
Which algorithm does CryptGenRandom use on my laptop?
I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. To generate random numbers, I use the CryptGenRandom function. ...
- 113
0
votes
2
answers
347
views
Is using weak random numbers for the initialization vector of AES just a theoretical issue?
I'm the maintainer of pypdf, a Python library for reading/manipulating PDF documents. I recently discovered that pypdf used random instead of secrets for ...
Generating the initialization vector (IV) ...
- 3,962
1
vote
3
answers
1k
views
Is it possible to retrieve seed from a few random numbers?
Let's say I have generated 16 integers (between 0 and 128) using Python
from random import seed, randint
seed(1234)
randoms = [randint(0, 128) for _ in range(0, 16)]
If we have a rough knowledge of ...
- 13
0
votes
1
answer
146
views
Why GNU libc's salt alphabet for `crypt` is limited to ./0-9A-Za-z?
According to docs:
To hash a new passphrase for storage, set salt to a string consisting of [a prefix plus] a sequence of randomly chosen characters ...
and
In all cases, the random characters ...
- 103
16
votes
5
answers
6k
views
Pseudorandom vs. True Random
Proper security algorithms demand true random numbers. For instance, secret keys & initialization vectors should never not be true random.
However, generating numbers using Java's Random library ...
- 287
1
vote
1
answer
368
views
Does combining a non-cryptographically secure string with a cryptographically secure string result in a cryptographically secure string?
I'm using php, but the general question applies to any confirmed cryptographically secure pseudo-random string concatenated with a non-cryptographically secure string.
I know random_bytes generates a ...
- 366
3
votes
1
answer
2k
views
Is Python's `secrets` module using the same code as the `random` module?
The secrets module is marketed as a safe alternative to random for things that are meant to be secret. But what's the actual difference? Looking at their code, in some cases these libraries actually ...
- 31
2
votes
5
answers
2k
views
Attacks Relying on Poor Entropy
I'm creating a quantum random number generator as part of my thesis.
As part of the research phase, I'm trying to substantiate my aspertion that encryption is significantly weakened if a computer ...
- 194
2
votes
1
answer
636
views
Did PHP's rand() get better?
I know that PHP used the system implementation for its rand() function, which is usually a weak LCG or LFSR implementation. Did this change?
In case it still does, I am using Fedora 32.
PHP states in ...
- 1,194
1
vote
1
answer
472
views
How can I validate that a PRNG's output is insecure and predictable?
Say I talk to a developer who is using some output of a Pseudo-random number generator in order to do some security task. I know based upon common knowledge that only Cryptographically Secure Pseudo ...
- 1,347
3
votes
4
answers
741
views
How can one test if a password generator is cryptographically secured?
Given the plethora of random password generators (RPG) available, I'd like to do some black box testing on some.
Let's take https://passwordsgenerator.net/ for example. Assuming the whole generator ...
- 3,482
2
votes
1
answer
171
views
Is getting 1-2 outputs from a CSPRNG to seed another CSPRNG less entropy than getting say 5000 outputs from a CSPRNG and using that to seed?
This question builds off of this question.
I want to create more entropy from a viable entropy source to seed another CSPRNG.
If I use
window.crypto.getRandomValues(newUint8Array(1))
To seed a CSPRNG,...
user215466
0
votes
1
answer
823
views
Find seed used in Math.random LCG given a list of outputs [duplicate]
Given one or two sequential Math.random outputs generated with Internet Explorer's linear congruential generator, is it possible to find the seed used in the LCG and find subsequent outputs? Here is ...
- 1