Weak Randomness Part I – Linear Congruential Random Number Generators

The objective of this series of papers is to describe the mathematical properties of some of the more common pseudo-random sequence generators and to show how they can be attacked by illustrating the principles with real-world bugs. The series demonstrates how weak randomness can be identified, used to compromise real-world systems, and defended against. An additional goal of the series is to provide simple, straightforward tools that can be used in a development or consultancy context.

This, the first paper in the series, describes the extremely common linear congruential generator and describes a bug in Jetty, a popular Java-based web server, which illustrates some of the dangers described in the paper.

Download whitepaper here

Author: Chris Anley

Call us before you need us.

Our experts will help you.

Get in touch
%d bloggers like this: