Category: randomnumbers

Auto Added by WPeMatico

New Reductor Nation-State Malware Compromises TLS

Posted on By infossl
attribution, certificates, kaspersky, malware, randomnumbers, russia, Security technology, tls

Kaspersky has a detailed blog post about a new piece of sophisticated malware that it’s calling Reductor. The malware is able to compromise TLS traffic by infecting the computer with hacked TLS engine substituted on the fly, “marking” infected TLS handshakes by compromising the underlining random-number generator, and adding new digital certificates. The result is … Read More “New Reductor Nation-State Malware Compromises TLS” »

Yubico Security Keys with a Crypto Flaw

Posted on By infossl
cryptography, encryption, firmware, keys, randomnumbers, Security technology, securityengineering, securitytokens

Wow, is this an embarrassing bug: Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys … Read More “Yubico Security Keys with a Crypto Flaw” »

CAs Reissue Over One Million Weak Certificates

Posted on By infossl
authentication, certificates, encryption, randomnumbers, Security technology

Turns out that the software a bunch of CAs used to generate public-key certificates was flawed: they created random serial numbers with only 63 bits instead of the required 64. That may not seem like a big deal to the layman, but that one bit change means that the serial numbers only have half the … Read More “CAs Reissue Over One Million Weak Certificates” »

Attack on Old ANSI Random Number Generator

Posted on By infossl
academicpapers, cryptanalysis, cryptography, randomnumbers, Security technology

Almost 20 years ago, I wrote a paper that pointed to a potential flaw in the ANSI X9.17 RNG standard. Now, new research has found that the flaw exists in some implementations of the RNG standard. Here’s the research paper, the website — complete with cute logo — for the attack, and Matthew Green’s excellent … Read More “Attack on Old ANSI Random Number Generator” »

Proof that HMAC-DRBG has No Back Doors

Posted on By infossl
academicpapers, backdoors, cryptography, randomnumbers, Security technology

New research: “Verified Correctness and Security of mbedTLS HMAC-DRBG,” by Katherine Q. Ye, Matthew Green, Naphat Sanguansin, Lennart Beringer, Adam Petcher, and Andrew W. Appel. Abstract: We have formalized the functional specification of HMAC-DRBG (NIST 800-90A), and we have proved its cryptographic security — that its output is pseudorandom — using a hybrid game-based proof. … Read More “Proof that HMAC-DRBG has No Back Doors” »

Hacking Slot Machines by Reverse-Engineering the Random Number Generators

Posted on By infossl
gambling, hacking, randomnumbers, reverseengineering, Security technology

Interesting story: The venture is built on Alex’s talent for reverse engineering the algorithms — known as pseudorandom number generators, or PRNGs — that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money­insight that he shares with a legion of field agents … Read More “Hacking Slot Machines by Reverse-Engineering the Random Number Generators” »

Predicting a Slot Machine's PRNG

Posted on By infossl
casinos, cheating, gambling, randomnumbers, russia, Security technology

Wired is reporting on a new slot machine hack. A Russian group has reverse-engineered a particular brand of slot machine — from Austrian company Novomatic — and can simulate and predict the pseudo-random number generator. The cell phones from Pechanga, combined with intelligence from investigations in Missouri and Europe, revealed key details. According to Willy … Read More “Predicting a Slot Machine's PRNG” »