shanon-henderson
• PRNG
https://store.theartofservice.com/itil-2011-foundation-complete-certification-kit-fourth-edition-study-guide-ebook-and-online-course.html
Common Lisp Other types
1 Common Lisp has a built-in pseudo-random number generator (PRNG).
Random state objects represent reusable sources of pseudo-random numbers, allowing the user to seed
the PRNG or cause it to replay a sequence.
Hardware random number generator
1 Hardware random number generators are often relatively slow,
that is, they produce a limited number of random bits per second. In order to increase the data rate,
they are often used to generate the "seed" for a faster cryptographic PRNG, which then generates the pseudorandom output sequence.
Hardware random number generator - Cryptography
1 Because the sequence of numbers produced by a PRNG is predictable, data encrypted with pseudorandom numbers is potentially vulnerable to
cryptanalysis
Hardware random number generator - Physical phenomena without quantum-random properties
1 When several such sources are combined carefully (as in, for
example, the Yarrow algorithm or Fortuna CSPRNGs), enough entropy can be collected for the creation of
cryptographic keys and nonces, though generally at restricted rates
Hardware random number generator - PRNG with periodically refreshed random key
1 Other designs use what are believed to be true random bits as the key for a high
quality block cipher algorithm, taking the encrypted output as the random bit
stream. Care must be taken in these cases to select an appropriate block mode,
however. In some implementations, the PRNG is run for a limited number of digits,
while the hardware generating device produces a new seed.
Hardware random number generator - Using observed events
1 Software engineers without true random number generators often try to develop them by measuring physical events available to the software. An example is measuring the time
between user keystrokes, and then taking the least significant bit (or two or three) of the count as a random digit. A similar approach
measures task-scheduling, network hits, disk-head seek times and other internal events. One Microsoft design includes a very long list of such
internal values (see the CSPRNG article).
Block cipher - Relation to other cryptographic primitives
1 Cryptographically secure pseudorandom number generators (CSPRNGs) can be built
using block ciphers.
Cryptographic hash function - Use in building other cryptographic primitives
1 Pseudorandom number generators (PRNGs) can be built using hash
functions. This is done by combining a (secret) random seed with a
counter and hashing it.
RSA BSAFE - Dual_EC_DRBG backdoor
1 The cryptographic community had been aware that Dual_EC_DRBG was
a very poor CSPRNG since shortly after the specification was posted in 2005, and by 2007 it had become
apparent that the CSPRNG seemed to be designed to contain a hidden backdoor for NSA, usable only by
NSA via a secret key
Intel Active Management Technology - Intel AMT security technologies and methodologies
1 * Pseudo-random number generator
(PRNG) which generates session keys
Intel vPro - Technologies and methodologies
1 * A pseudorandom number generator (PRNG) in the firmware of the AMT PC, which generates high-quality
session keys for secure communication.
Stream cipher - Security
1 Some applications using the stream cipher RC4 are attackable because of weaknesses in RC4's key setup routine; new applications
should either avoid RC4 or make sure all keys are unique and ideally unrelated (such as generated by a well-seeded CSPRNG
or a cryptographic hash function) and that
the first bytes of the keystream are discarded.
Stream cipher - Trivia
1 * United States National Security Agency documents sometimes use
the term 'combiner-type algorithms', referring to algorithms that use some function to combine a pseudorandom
number generator (PRNG) with a plaintext stream.
Adult industry - Sociological objections
1 Additionally, some researchers claim that pornography causes unequivocal harm to society by increasing rates of sexual
assault (Malamuth, Neil M.: Do Sexually Violent Media Indirectly Contribute to Antisocial Behavior?,
[http://profiles.nlm.nih.gov/NN/B/C/K/W/], page 10), a line of research which has been critiqued in The effects of
Pornography: An International Perspective on external validity grounds
[http://www.hawaii.edu/PCSS/online_artcls/pornography/prngrphy_ovrvw.html The effects of Pornography: An International Perspective], while others claim there is a
correlation between pornography and a decrease of sex crimes. [http://www2.hu-berlin.de/sexology/BIB/DIAM/effects_pornography.htm The Effects of Pornography: An International
Perspective] University of Hawaii Porn 101: Eroticism, Pornography, and the First Amendment: Milton Diamond Ph.D.
Cryptographically secure pseudorandom number generator
1 A 'cryptographically secure pseudo-random number generator'
('CSPRNG') is a pseudo-random number generator (PRNG) with
properties that make it suitable for use in cryptography.
Cryptographically secure pseudorandom number generator
1 A CSPRNG can stretch the available entropy
over more bits.
Cryptographically secure pseudorandom number generator
1 Note also the usage 'CPRNG' (cryptographic pseudo-random number
generator).
Cryptographically secure pseudorandom number generator - Requirements
1 The requirements of an ordinary PRNG are also satisfied by a
cryptographically secure PRNG, but the reverse is not true. CSPRNG
requirements fall into two groups: first, that they pass statistical
randomness tests; and secondly, that they hold up well under serious
attack, even when part of their initial or running state becomes available
to an attacker.
Cryptographically secure pseudorandom number generator - Requirements
1 *Every CSPRNG should satisfy the next-bit test
Cryptographically secure pseudorandom number generator - Requirements
1 *Every CSPRNG should withstand state compromise extensions. In the event that
part or all of its state has been revealed (or guessed correctly), it should be impossible
to reconstruct the stream of random numbers prior to the revelation.
Additionally, if there is an entropy input while running, it should be infeasible to use
knowledge of the input's state to predict future conditions of the CSPRNG state.
Cryptographically secure pseudorandom number generator - Requirements
1 Example: If the CSPRNG under consideration produces output by
computing bits of π in sequence, starting from some unknown point in
the binary expansion, it may well satisfy the next-bit test and thus be statistically random, as π appears to
be a random sequence
Cryptographically secure pseudorandom number generator - Requirements
1 Second, for most PRNGs, when their state has been revealed, all past
random numbers can be retrodicted, allowing an attacker to read all past messages, as well as future ones.
Cryptographically secure pseudorandom number generator - Designs
1 In the discussion below, CSPRNG designs are divided into three
classes: 1) those based on cryptographic primitives such as
ciphers and cryptographic hashes, 2) those based upon mathematical
problems thought to be hard, and 3) special-purpose designs
Cryptographically secure pseudorandom number generator - Designs based on cryptographic primitives
1 Obviously, the period will be 2^n for an n-bit block cipher; equally
obviously, the initial values (i.e., key and plaintext)
must not become known to an attacker, however good this CSPRNG
construction might be
Cryptographically secure pseudorandom number generator - Designs based on cryptographic primitives
1 * A cryptographically secure hash of a
counter might also act as a good CSPRNG in some cases. In this case, it is also necessary that the initial value of
this counter is random and secret. However, there has been little study of these algorithms for use in this manner, and at least some authors warn against
this use.
Cryptographically secure pseudorandom number generator - Designs based on cryptographic primitives
1 * Most stream ciphers work by generating a pseudorandom stream of bits that are combined (almost always XORed) with the plaintext; running the cipher on a counter will return a new
pseudorandom stream, possibly with a longer period. The cipher is only secure if the original stream is a good CSPRNG (this
is not always the case: see RC4 cipher). Again, the initial state must be kept secret.
Cryptographically secure pseudorandom number generator - Special designs
1 There are a number of practical PRNGs that have been designed to
be cryptographically secure, including
Cryptographically secure pseudorandom number generator - Special designs
1 * the Fortuna algorithm, the successor to Yarrow, which does not attempt to evaluate
the entropic quality of its inputs.
Cryptographically secure pseudorandom number generator - Standards
1 * [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf NIST SP 800-90A]:
This standard has three uncontroversial CSPRNGs named Hash_DRBG,
HMAC_DRBG, and CTR_DRBG; and a PRNG named Dual_EC_DRBG which has been
shown to not be cryptographically secure and probably has a
kleptographic NSA backdoor.
Cryptographically secure pseudorandom number generator - NSA backdoor in the Dual_EC_DRBG PRNG
1 Both papers report that, as independent security experts long
suspected, the NSA has been introducing weaknesses into CSPRNG
standard 800-90; this being confirmed for the first time by one of the top secret documents leaked to the Guardian by Edward Snowden
Rolling code - Techniques
1 * Common PRNG (Pseudo Random Number Generator),
preferably cryptographically secure, in
both transmitter and receiver
Random number generation
1 However, carefully designed cryptographically secure
computationally based methods of generating random numbers do
exist, such as those based on the Yarrow algorithm and the Fortuna
(PRNG) and others.
Random number generation - True random numbers vs. pseudo-random numbers
1 Carefully designed and implemented pseudo-random number generators can even be certified for security-
critical cryptographic purposes, as is the case with the yarrow algorithm
and fortuna (PRNG)
Random number generation - Computational methods
1 Pseudo-random number generators (PRNGs) are algorithms that can
automatically create long runs of numbers with good random properties but eventually
the sequence repeats (or the memory usage grows without bound). The string of
values generated by such algorithms is generally determined by a fixed number called a 'seed.' One of the most common
PRNGs is the linear congruential generator, which uses the recurrence
RSA (security firm) - Alleged NSA Dual_EC_DRBG backdoor
1 The standard also did not fix the unrelated (to the backdoor) problem
that the CSPRNG was slightly predictable, which Gjøsteen had pointed out earlier in 2006, and
which led Gjøsteen to call Dual_EC_DRBG not cryptographically
sound
RSA (security firm) - Alleged NSA Dual_EC_DRBG backdoor
1 On , Reuters' Joseph Menn reported that NSA secretly paid RSA Security
$10 million in 2004 to set Dual_EC_DRBG as the default
CSPRNG in BSAFE
Microsoft CryptoAPI - Cryptography API: Next Generation
1 CNG also replaces the default PRNG with CTR_DRBG using AES as the block cipher, because the earlier RNG which is defined in the now
superseded FIPS 186-2 is based on either DES
or SHA-1, both of which have been broken. CTR_DRBG is one of the two
algorithms in NIST SP 800-90 endorsed by Schneier, the other
being Hash_DRBG.
Niels Ferguson
1 In 1999, Niels Ferguson, together with Bruce Schneier and John Kelsey,
developed the Yarrow algorithm random number
generator. Yarrow was later developed by Niels Ferguson and Bruce Schneier into the Fortuna random number
generator.
Block ciphers - Relation to other cryptographic primitives
1 * Cryptographically secure pseudorandom number generators (CSPRNGs) can be built using block
ciphers. [http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
NIST Special Publication 800-90A Recommendation for Random
Number Generation Using Deterministic Random Bit
Generators]
FileVault - Master passwords and recovery keys
1 When FileVault 2 is enabled whilst the system is running: the system creates and displays a recovery key for the computer, and optionally offers the user to store the key with Apple. The 120 bit recovery key is encoded with all letters and numbers 1 through 9, and read from /dev/random,
and therefore relies on the security of the PRNG used in OS X. During a cryptanalysis in 2012, this mechanism was found safe.
Dual EC DRBG
1 'Dual Elliptic Curve Deterministic Random Bit Generator' ('Dual_EC_DRBG') is a
claimed cryptographically secure pseudorandom number generator (CSPRNG)
standardized by the National Institute of Standards and Technology (NIST), ANSI, and ISO. Dual_EC_DRBG is based on the elliptic curve discrete logarithm problem (ECDLP)
and is one of the four CSPRNGs standardized in NIST SP 800-90A.
Dual EC DRBG
1 The alleged backdoor would allow NSA to decrypt, for example,
SSL/TLS encryption which used Dual_EC_DRBG as a
CSPRNG
Dual EC DRBG - Security
1 Brown works for Certicom, the main owner of elliptic curve cryptography
patents, so there may be a conflict of interest in promoting an EC CSPRNG.
Dual EC DRBG - Security
1 The alleged NSA backdoor would allow the attacker to determine the internal state of the random number generator from looking at the output
from a single round (32 bytes); all future output of the random number
generator can then easily be calculated, until the CSPRNG is
reseeded with an external source of randomness
Dual EC DRBG - Standardization and implementations
1 The low truncation was in 2006 shown by Gjøsteen to make the RNG predictable and therefore unusable
as a CSPRNG, even if Q had not been chosen to contain a back door
Dual EC DRBG - Standardization and implementations
1 In 2013, after the New York Times reported that Dual_EC_DRBG
contained a backdoor by the NSA, RSA Security said they had not been
aware of any backdoor when they made the deal with NSA, and told
their customers to switch CSPRNG.
Dual EC DRBG - Standardization and implementations
1 OpenSSL did not use Dual_EC_DRBG as the default CSPRNG, and it was
discovered in 2013 that a bug made the OpenSSL implementation of Dual_EC_DRBG non-functioning, meaning that no one could have
been using it.
Dual EC DRBG - Standardization and implementations
1 RSA Security had kept Dual_EC_DRBG as the default
CSPRNG in BSAFE even after the wider cryptographic community became aware of the potential
backdoor in 2007, but there does not seem to have been a general
awareness of BSAFE's usage of Dual_EC_DRBG as a user option in
the community
Dual EC DRBG - Software and hardware which contained the possible backdoor
1 A list of products which have had their CSPRNG-implementation FIPS 140-2 validated is
available at http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html ; The validated CSPRNGs are listed in the Description/Notes field. Note that even if Dual_EC_DRBG is listed as validated, it may not have been enabled by default. Many
implementations come from a renamed copy of a library implementation.
http://veridicalsystems.com/blog/secure-or-compliant-pick-one/
Dual EC DRBG - Software and hardware which contained the possible backdoor
1 Bruce Schneier has pointed out that even if not enabled by default, having a backdoored CSPRNG
implemented as an option can make it easier for NSA to spy on targets:
One-time pad
1 There is some ambiguity to the term because some authors use the terms
Vernam cipher and one-time pad synonymously, while others refer to
any additive stream cipher as a Vernam cipher, including those based
on a cryptographically secure pseudorandom number generator
(CSPRNG).
Dd (Unix) - Disk wipe
1 (The PRNG behind /dev/urandom may be slower than libc's.) On most relatively modern drives, zeroing the drive will render any data it contains
permanently irrecoverable.
Lp (Unix)
1 While similar in name and function, it is a different program from Plan 9's lp, fellow UNIX-like BSD's lpr, or MS-DOS's LPT. The LPRng
project provides lp as a wrapper to the lpr command.
Lpr
1 It is also the standard name for the printer command in the
LPRng project
Crypto-anarchism - Cryptography and law
1 Technologies enabling this sort of rapidly rekeyed encryption include public-key cryptography,
hardware PRNGs, perfect forward secrecy, and
opportunistic encryption
Fluhrer, Mantin and Shamir attack - The attack
1 With certain IVs, an attacker knowing the first byte of the
keystream and the first m bytes of the key can derive the (m+1)th byte of the key due to a weakness in the
PRNG used to generate the keystream
List of algorithms - Cryptography
1 ** Fortuna, intended as an improvement
on Yarrow algorithm
Anti-pornography - Harm-based views
1 Some researchers claim that pornography causes unequivocal harm to society by increasing rates of sexual assault (Malamuth,
Neil M.: Do Sexually Violent Media Indirectly Contribute to Antisocial Behavior?, [http://profiles.nlm.nih.gov/NN/B/C/K/W/],
page 10), a line of research which has been critiqued in The effects of Pornography: An International
Perspective. [http://www.hawaii.edu/PCSS/online_artcls/pornography/prngrphy_ovrvw.html The effects of Pornography: An International Perspective] In contradiction to this, other researchers claim that there is a correlation between
pornography and a decrease of sex crimes. [http://www2.hu-berlin.de/sexology/BIB/DIAM/effects_pornography.htm The
Effects of Pornography: An International Perspective] University of Hawaii Porn 101: Eroticism, Pornography, and the First
Amendment: Milton Diamond Ph.D.
Greg Stein
1 Stein most recently worked as an engineering manager at Google, where he helped launch
Google's [http://code.google.com/hosting open-source hosting platform]. Stein publicly announced his departure from Google via his
blog on July 29, 2008.[http://prng.blogspot.com/ Greg Stein's Blog] Prior to Google, he worked for Oracle
Corporation, eShop, Microsoft, CollabNet, and as an independent developer.
Slot machines - Random number generators
1 All modern machines are designed using pseudo random number generators (PRNGs), which are constantly generating a sequence of simulated random numbers, at a rate of
hundreds or perhaps thousands per second. As soon as the Play button is pressed, the
most recent random number is used to determine the result. This means that the
result varies depending on exactly when the game is played. A fraction of a second earlier
or later, and the result would be different.
Slot machines - Random number generators
1 Having access to the PRNG code and seed values
Applications of randomness - Cryptography
1 Such random number generators are called cryptographically secure
pseudo-random number generators, and several have been implemented
(for example, the /dev/urandom device available on most Unixes, the Yarrow and Fortuna designs, server, and
AT&T Bell Laboratories truerand)
Pseudorandom number generator
1 The PRNG-generated sequence is not truly random, because it is
completely determined by a relatively small set of initial values,
called the PRNG's seed (which may include truly random
values)
Pseudorandom number generator
1 PRNGs are central in applications such as simulations (e.g. for the Monte Carlo method), electronic games (e.g. for
procedural generation), and cryptography. Cryptographic applications require the
output not to be predictable from earlier outputs, and more
elaborate algorithms, which do not inherit the linearity of simpler PRNGs, are needed.
Pseudorandom number generator
1 Good statistical properties are a central requirement for the output of a PRNG. In general, careful mathematical analysis is
required to have any confidence that a PRNG generates numbers that are sufficiently close to random to suit the intended use. John von
Neumann cautioned about the misinterpretation of a PRNG as a truly random
generator, and joked that "Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin."
Pseudorandom number generator - Periodicity
1 However, since the length of the period potentially doubles with each bit of state added, it is easy to build PRNGs with periods long enough for
many practical applications.
Pseudorandom number generator - Periodicity
1 Although PRNGs will repeat their results after they reach the end of their period, a repeated result does not imply that the end of the period has been reached, since its internal state may be larger than its output;
this is particularly obvious with PRNGs with a 1-bit output.
Pseudorandom number generator - Periodicity
1 The size of its period is an important factor in the cryptographic suitability
of a PRNG, but not the only one.
Pseudorandom number generator - Potential problems with deterministic generators
1 In practice, the output from many common PRNGs exhibits
artifacts which cause it to fail statistical pattern-detection tests.
These include:
Pseudorandom number generator - Potential problems with deterministic generators
1 Defects exhibited by flawed PRNGs range from unnoticeable (and unknown) to very obvious. An
example was the RANDU random number algorithm used for decades
on mainframe computers. It was seriously flawed, but its inadequacy
went undetected for a very long time.
Pseudorandom number generator - Potential problems with deterministic generators
1 In many fields, much research work prior to the 21st century that relied on random selection or on
Monte Carlo simulations, or in other ways relied
on PRNGs, is much less reliable than it might have been as a result of
using poor-quality PRNGs. (Press et al.)
Pseudorandom number generator - Potential problems with deterministic generators
1 The first PRNG to avoid major problems and still run fairly fast was
the Mersenne Twister (discussed below), which was published in 1998. Other high-quality PRNGs have since
been developed.
Pseudorandom number generator - Generators based on linear recurrences
1 In the second half of the 20th century, the standard class of algorithms used for PRNGs
comprised linear congruential generators (LCGs). The quality of LCGs was known to be inadequate, but better methods were unavailable. Press et al. (2007) described the result thus: "If all scientific papers whose results are in doubt
because of [LCGs and related] were to disappear from library shelves, there would be
a gap on each shelf about as big as your fist." (Press et al. (2007), §7.1)
Pseudorandom number generator - Cryptographically secure pseudorandom number generators
1 In general, years of review may be required before an algorithm can be certified as a
CSPRNG.
Pseudorandom number generator - Cryptographically secure pseudorandom number generators
1 Some classes of CSPRNGs include
the following:
Pseudorandom number generator - Cryptographically secure pseudorandom number generators
1 * PRNGs that have been designed specifically to be cryptographically
secure, such as Microsoft's Cryptographic Application
Programming Interface function CryptGenRandom, the Yarrow
algorithm (incorporated in Mac OS X and FreeBSD), and Fortuna.
Pseudorandom number generator - Early approaches
1 An early computer-based PRNG, suggested by John von Neumann in
1946, is known as the middle-square method
Pseudorandom number generator - Non-uniform generators
1 Numbers selected from a non-uniform probability distribution can
be generated using a uniform
distribution PRNG and a function that relates the two distributions.
Pseudorandom number generator - Non-uniform generators
1 \operatorname^(x) with an ideal uniform PRNG with range (0, 1) as
input x would produce a sequence of (positive only) values with a
Gaussian distribution; however
Key generation
1 PRNGs that use system entropy to seed data generally produce better results, since this makes the initial conditions of the PRNG much more difficult for an
attacker to guess
Rule 30 - Structure and properties
1 Stephen Wolfram proposed using its center column as a pseudorandom
number generator (PRNG); it passes many standard tests for randomness,
and Wolfram uses this rule in the Mathematica product for creating
random integers
Lamport signature - Short private key
1 Note that a cryptographically secure hash (or at least one whose output is not
XORed with the seed) cannot be used instead of a CSPRNG because signing a message would reveal
additional random values from the private key
Lamport signature - Short private key
1 In the same manner a single key can be used together with a CSPRNG to
create many Lamport keys. Preferably then some kind of random access CSPRNG should be used, such
as BBS (Blum Blum Shub).
Lamport signature - Short keys and signature
1 Winternitz signature compression reduces the size of the private key
and public key by slightly less than a factor of the 2*\text , and half that
factor for the signature. The computation increases by slightly
more than a factor of (2^\text )/(\text ). A cryptographically secure hash suffices instead of the requirement
for a CSPRNG.
Linear congruential generator - Comparison with other PRNGs
1 A Linear Feedback Shift Register PRNG can be implemented with essentially
the same amount of memory and produces a stream of pseudorandom
numbers with better randomness qualities when considering streams
of bits, albeit with a bit more computation.
List of Puerto Ricans - Military
1 * 'Emilio Díaz Colón', Major General, U.S. Army; PRNG. Díaz-Colón is the first Superintendent of
the Puerto Rican Police who once served as the Adjutant General of the Puerto Rican National
Guard. [http://www.msnbc.msn.com/id/43657273/ns/world_news-americas/t/puerto-rico-chooses-soldier-next-police-chief/ Puerto Rico chooses soldier for next police chief]
[http://www.noticel.com/noticia/106958/fortuno-designa-al-nuevo-superintendente.html Noticentro]
BlackBerry Internet Service - Intelligence agency access
1 The BlackBerry software includes support for the Dual_EC_DRBG CSPRNG algorithm,
which NIST strongly recommends no longer be used because it was probably backdoored by the NSA.
BlackBerry Ltd. has, however, not issued an advisory to its customers, because they do
not consider the probable backdoor a vulnerability. BlackBerry Ltd. also owns US
patent 2007189527, which covers the technical design of the backdoor.
Online casinos - Virtual casino games
1 PRNGs use a set of mathematical instructions known as an algorithm to generate a long stream of numbers
that give the impression of true randomness
Online casinos - Virtual casino games
1 When implemented correctly, a PRNG algorithm such as the Mersenne
Twister will ensure that the games are both fair and unpredictable
Chiptune - Overview
1 Common waveform generator configurations usually included two
or three simple waveforms and often a single pseudo-random-noise
generator (PRNG)
Fort Allen, Puerto Rico - History
1 * 1985: The Puerto Rico National Guard Language Center 'PRNGLC' relocated to Fort
Allen.
Fort Allen, Puerto Rico - History
1 * 2011: The Fort Allen Armed Forces Reserve Center 'AFRC' was inaugurated and dedicated
posthumously to the 6th Adjutant General of
the Puerto Rico National Guard 'PRNG' and founder of the Language Center at Fort Allen, Major General Salvador
Padilla Escabi.
Fort Allen, Puerto Rico - Armed Forces Reserve Center
1 This facility was dedicated posthumously to 6th Adjutant
General of the Puerto Rico National Guard PRNG and founder of the
Language Center at Fort Allen, Major General Salvador Padilla Escabi.
Licchavi (kingdom) - Bhadgaon
1 Bhadgaon was a small village called Khoprn (Sanskrit Khoprngrama) along
the main trade route. This is the precursor to Bhaktapur.
Entropy (computing) - Weaknesses
1 Because entropy is always needed when producing cryptographic keys, and because
security agencies around the world are mandated by laws like
CALEA (Communications Assistance for Law Enforcement Act) etc. to eavesdrop on
foreigners, it's common practice for them to surreptitiously or procedurally modify PRNG implementations to return entropy that they at least partially control (usually through the
use of asymmetric elliptic cryptography)
Entropy (computing) - Security
1 In some cases a cracker (malicious attacker) can guess some bits of entropy from
the output of a pseudorandom number generator (PRNG), and this
happens when not enough entropy is introduced into the
PRNG. [http://osdir.com/ml/encryption.general/2005-01/msg00074.html Re:
entropy depletion (was: SSL/TLS passive sniffing)], 2005
The Art of Service https://store.theartofservice.com