Explore the vulnerabilities of pseudorandom number generators (PRNGs) in this 53-minute Black Hat USA 2013 conference talk. Delve into the flaws of common non-cryptographic PRNGs and learn techniques for identifying PRNGs through black-box analysis of application output. Discover methods for recovering PRNG internal states, enabling the determination of past output and prediction of future output. Gain insights into algorithms that significantly outperform brute-force searches, including constant-time PRNG stream reversal and seeking. Witness live demonstrations of these attacks and receive access to a tool for conducting assessments on pseudorandom algorithms in your own security evaluations.
Overview
Syllabus
Black Hat USA 2013 - Black-Box Assessment of Pseudorandom Algorithms
Taught by
Black Hat
Related Courses
-
Backdoors in Pseudorandom Number Generators - Possibility and Impossibility Results
-
PRNG Pwning Random Number Generators in PHP Applications
-
DOG of WAR - Attack Box Design
-
Buying into the Bias - Why Vulnerability Statistics Suck
-
1000 Hackers in a Box - Failings of Security Scanners
-
End-to-End Analysis of a Domain Generating Algorithm Malware Family
