Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Rng keep your key save

405 views

Published on

Why a secure Random Number generator is critical to keep keys safe?
What pseudo random number generator does is turn a small ‘seed’ of proper random data into a constant stream of random numbers, which enables you to get such a number with arbitrarily high entropy?
A high entropy means the attacker will know very little about the random numbers the system generates. By very little what I really mean here is an attacker can only guess. Guessing correctly is nearly impossible.
Without randomness it is quite possible to predict the outcome:
Randomness is an essential part of any crypto system.

Published in: Technology
  • Login to see the comments

  • Be the first to like this

Rng keep your key save

  1. 1. Only true random number generation can keep your key safe How the NSA circumvented what was thought to be an unbeatable cryptographic algorithm Blog: https://hsm.utimaco.com/news/
  2. 2. The value of true random numbers in a cryptographic system RNG Key Generation Algorithm True random number seeds are an essential.
  3. 3. The Dual-EC-DRBG Pseudo random number generator scheme described in NIST SP 800-90; 2006 The weakness: Dual_EC_DRBG appears to contain a backdoor Certified DUAL-EC-DRBG: http://csrc.nist.gov/groups/STM/cavp/document s/drbg/drbgval.html
  4. 4. How does it work? Start on P, walk on the curve and after e steps you find Q Considering this large curve parameter, it will take a huge number of steps to compute e If P and Q are known + considering the curve parameter, which is given, and e is the well known secret then its easy to figure basic of a RNG: R= prime number P,Q = Integer value <R s= state of the random number generator s’= the next star of the random number gen. t= random number e=the well known secret r=Ps (mod R) s’=Pr (mod R) t=Qr (mod R) e= the secret P= Qe (mod R) te=(Qr)e=Qr*e=(Qe)r=Pr=s’
  5. 5. A random number with very few surprises In 2007, Dan Shumow and Niels Ferguson, two researchers showed that, if you know e, cracking the pseudorandom number generation becomes considerably easier. Consequently there was an update of the standard by NIST 2007 If you want to be FIPS 140 certified: You have to use the given P/Q
  6. 6. Key findings The Answer: CryptoServer Hardware Security Modules made in Germany •True Random Number Generator •Switch-Over to strong German certified RNG •No crypto-chip with the possibility of backdoors
  7. 7. Learn more about - Remote Administration - Software Development - Performance - The new CSe Series Blog: community.utimaco-service.com

×