How do we know our PRNGs work properly? (33c3)

How do we know our PRNGs work properly? (33c3)

Pseudo-random number generators (PRNGs) are critical pieces of security
infrastructure. Yet, PRNGs are surprisingly difficult to design,
implement, and debug. The PRNG vulnerability that we recently found in
GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several
expert audits. In this presentation, we not only describe the details of
the flaw but, based on our research, explain why the current state of
PRNG implementation and quality assurance downright provokes incidents.
We also present a PRNG analysis method that we developed and give
specific recommendations to implementors of software producing or
consuming pseudo-random numbers to ensure correctness.

Vladimir Klebanov Felix Dörre

more » « less
Video Language:
Format: Youtube Primary Original
Format: Youtube
This video is part of Amara Public.

Subtitles download

Incomplete subtitles (1)