The security of cryptographic systems depends on some secret data that is known to authorized persons but unknown and unpredictable to others. To achieve this unpredictability, some randomization is typically employed. Modern cryptographic protocols often require frequent generation of random quantities. Cryptographic attacks that subvert or exploit weaknesses in this process are known as random number generator attacks.
A high-quality random number generation (RNG) process is almost always required for security; a poor one generally opens the system to attack and so leads to a lack of security, even to complete compromise, in cryptographic systems.[1] The RNG process is particularly attractive to attackers because it is typically a single isolated hardware or software component that is easy to locate. If the attacker can substitute pseudo-random bits generated in a way they can predict, security is totally compromised, yet the substitution is generally undetectable by any upstream test of the bits. Furthermore, such attacks require only a single access to the system that is being compromised. No data need be sent back, in contrast to, say, a computer virus that steals keys and then e-mails them to some drop point.
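The point that a test of the bits cannot establish unpredictability is shown in the added example below, which is not part of the original article. It assumes two simple statistical checks (monobit and byte chi-square) stand in for a bit test, and the seed value and function names are constructed for illustration.

```python
import random
import secrets

CONSTRUCTED_SEED = 1234  # constructed sample value, stands in for a guessable seed

def monobit_fraction(data: bytes) -> float:
    """Fraction of 1 bits; close to 0.5 for random-looking output."""
    return sum(bin(b).count("1") for b in data) / (len(data) * 8)

def byte_chi_square(data: bytes) -> float:
    """Chi-square statistic of byte frequencies against a uniform distribution."""
    expected = len(data) / 256
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return sum((c - expected) ** 2 / expected for c in counts)

def looks_random(data: bytes) -> bool:
    """Black-box checks on the bits alone; they say nothing about predictability."""
    # 255 degrees of freedom: mean 255, standard deviation about 22.6.
    return (abs(monobit_fraction(data) - 0.5) < 0.01
            and 120 < byte_chi_square(data) < 450)

def predictable_stream(seed: int, n: int) -> bytes:
    """Deterministic generator (Mersenne Twister): same seed, same bytes."""
    return random.Random(seed).getrandbits(8 * n).to_bytes(n, "little")

def os_stream(n: int) -> bytes:
    """Bytes from the operating system's CSPRNG."""
    return secrets.token_bytes(n)

def compare(seed: int = CONSTRUCTED_SEED, n: int = 65536) -> dict:
    weak, strong = predictable_stream(seed, n), os_stream(n)
    return {
        "weak_passes_tests": looks_random(weak),
        "strong_passes_tests": looks_random(strong),
        # Whoever holds the seed regenerates the "secret" stream exactly.
        "weak_reproducible": predictable_stream(seed, n) == weak,
        "strong_reproducible": os_stream(n) == strong,
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

Both streams pass the statistical checks; only the seeded one can be regenerated, which is why key material should come from the operating system's CSPRNG and why output testing alone is not evidence of a sound generator.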
[1] Michael Jenkins; Lydia Zieglar (September 28, 2018). "Commercial National Security Algorithm (CNSA) Suite Profile of Certificate Management over CMS". IETF draft draft-jenkins-cnsa-cmc-profile-00. U.S. National Security Agency. "The use of inadequate pseudo-random number generators (PRNGs) can result in little or no security. The generation of quality random numbers is difficult."