How do we know our PRNGs work properly? (33c3)

Title:
How do we know our PRNGs work properly? (33c3)
Description:

https://media.ccc.de/v/33c3-8099-how_do_we_know_our_prngs_work_properly

Pseudo-random number generators (PRNGs) are critical pieces of security
infrastructure. Yet, PRNGs are surprisingly difficult to design,
implement, and debug. The PRNG vulnerability that we recently found in
GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several
expert audits. In this presentation, we not only describe the details of
the flaw but, based on our research, explain why the current state of
PRNG implementation and quality assurance downright provokes incidents.
We also present a PRNG analysis method that we developed and give
specific recommendations to implementors of software producing or
consuming pseudo-random numbers to ensure correctness.

Vladimir Klebanov Felix Dörre

more » « less
Video Language:
English
Duration:
58:36
http://www.youtube.com/watch?v=c_CalG1rL0I
Format: Youtube
Primary
Original
Added   by C3Subtitles
Format: Youtube
Primary
Original
http://www.youtube.com/watch?v=8LE5zhgofUs
Format: Youtube
Added   by C3Subtitles
Format: Youtube
This video is part of Amara Public.

Subtitles download

Incomplete subtitles (1)

Our website uses cookies for analysis purposes.