Chapter 2: Random and Pseudorandom Numbers Flashcards

1
Q

What are random numbers used for in network security?

A
  1. Generation of keys in RSA.
  2. Generation of a stream key for symmetric stream ciphers.
  3. Generation of a symmetric key for use as a temporary session key. Used in a number of networking applications like TLS, Wi-Fi, e-mail security, IP security.
  4. In a number of key distribution scenarios, such as Kerberos, and handshaking to prevent replay attacks.
2
Q

What two criteria are used to validate that a sequence of numbers is random?

A

Uniform distribution: the frequency of occurrence of ones and zeros should be approximately the same.

Independence: no one subsequence in the sequence can be inferred from the others.

3
Q

How can you determine if a random number adheres to the criteria of uniform distribution and independence?

A

There are well-defined tests for determining the distribution, but none that can prove independence. However, you can test to check if it does not exhibit independence.

4
Q

What is a PRNG?

A

A pseudorandom number generator. Created using deterministic algorithms. Not statistically random, but good ones can pass many tests of randomness.

5
Q

What is a TRNG?

A

A true random number generator. It takes an input source that is effectively random, referred to as an entropy source.

6
Q

What is an entropy source?

A

It uses inputs from the physical environment of the computer, like keystroke timing patterns, disk electrical activities, mouse movements.

7
Q

How does a PRNG work?

A

Takes a fixed value as an input, called a seed, and produces a sequence of output bits using a deterministic algorithm. It usually has some kind of feedback loop where the results of the algorithm are fed back as input. The output bit stream is solely determined by the input value(s). Someone with knowledge of the algorithm and the seed can reproduce it.

8
Q

How does a TRNG work?

A

It uses an entropy source (or a combination of entropy sources) as input to an algorithm that produces random binary output.
