All Questions
Tagged with random pseudo-random-number-generator
17 questions
1
vote
0
answers
25
views
Is it ok to use NativePRNGNonBlocking SecureRandom for making jwt? [duplicate]
I'm developing jwt auth feature with Spring WebFlux. And, I found the blocking calls in jjwt library by using BlockHound.
The reason of blocking calls was SecureRandom use /dev/random to make random ...
- 11
0
votes
1
answer
182
views
SecureRandom safety?
I need to randomly pick 10 numbers from 1 to 2000. It is very important that this rng cannot be predicted/hacked in any way. Would this be a safe/proper way to do it:
int randomInt;
SecureRandom ...
0
votes
2
answers
347
views
Is using weak random numbers for the initialization vector of AES just a theoretical issue?
I'm the maintainer of pypdf, a Python library for reading/manipulating PDF documents. I recently discovered that pypdf used random instead of secrets for ...
Generating the initialization vector (IV) ...
- 3,962
0
votes
1
answer
110
views
Randomness of seeded cryptographically secure random number generator
If I generate a large true random number and I seed a CSPRNG with it, then can the output of this CSPRNG be used anywhere where there is a need for a true random number?
For example, if Alice and Bob ...
- 339
1
vote
3
answers
1k
views
Is it possible to retrieve seed from a few random numbers?
Let's say I have generated 16 integers (between 0 and 128) using Python
from random import seed, randint
seed(1234)
randoms = [randint(0, 128) for _ in range(0, 16)]
If we have a rough knowledge of ...
- 13
1
vote
2
answers
322
views
How does /dev/random not leak future bytes from old ones
I want to generate 6 random words using Wiktionary and random numbers from /dev/random. I'll get a random number with /dev/random and then use the word from that index.
I know /dev/random should be ...
- 13
16
votes
5
answers
6k
views
Pseudorandom vs. True Random
Proper security algorithms demand true random numbers. For instance, secret keys & initialization vectors should never not be true random.
However, generating numbers using Java's Random library ...
- 287
1
vote
1
answer
368
views
Does combining a non-cryptographically secure string with a cryptographically secure string result in a cryptographically secure string?
I'm using php, but the general question applies to any confirmed cryptographically secure pseudo-random string concatenated with a non-cryptographically secure string.
I know random_bytes generates a ...
- 366
1
vote
2
answers
261
views
Is it bad to reveal random bytes from a system?
Let's say you cat /dev/random or /dev/urandom all day from boot to system shutdown, either redirecting the output to a file, or just catting it (in a terminal, or whatever) doesn't matter. Is this ...
- 177
3
votes
1
answer
2k
views
Is Python's `secrets` module using the same code as the `random` module?
The secrets module is marketed as a safe alternative to random for things that are meant to be secret. But what's the actual difference? Looking at their code, in some cases these libraries actually ...
- 31
-1
votes
1
answer
443
views
What is "environmental noise"?
I'm looking at way to generate random numbers for cryptographic purposes. More specifically, I looked at the Linux /dev/urandom function, which is considered a real random number generator. There are ...
3
votes
1
answer
305
views
Randomly generating invoice IDs
I'm in the process of setting up a local (i.e. offline and very limited) business, and I'm thinking of generating invoice IDs randomly to avoid the clients knowing that they're customer number #...
- 995
2
votes
1
answer
636
views
Did PHP's rand() get better?
I know that PHP used the system implementation for its rand() function, which is usually a weak LCG or LFSR implementation. Did this change?
In case it still does, I am using Fedora 32.
PHP states in ...
- 1,194
4
votes
1
answer
846
views
Does rngd -r /path/to/file inject into /dev/urandom in addition to /dev/random?
I'm new to the /dev/random and /dev/urandom pipes in general and have an application calling from /dev/urandom which I'm attempting to inject entropy into. I'd prefer not to change the source for ...
- 143
1
vote
1
answer
472
views
How can I validate that a PRNG's output is insecure and predictable?
Say I talk to a developer who is using some output of a Pseudo-random number generator in order to do some security task. I know based upon common knowledge that only Cryptographically Secure Pseudo ...
- 1,347