4

Suppose a given random number generator has poor entropy, and is compressible by any compression algorithm (zlib, bzip2, lzma, etc).

Specifically the issues with this RNG are:

  • Bad entropy
  • Bad seed size
  • Failure to use multiple sources of entropy
  • Reseeding only occurs once, at initialization, instead of at an interval. (less important than the issues mentioned above)

I'm asking this question so I can:

  • ..estimate the loss of security created by bad entropy
  • ..understand what aspects of encryption would be affected, and what wouldn't be affected (hashing, encryption, signatures, etc)
makerofthings7
  • 50,918
  • 55
  • 261
  • 556

2 Answers2

2

It all depends on where the RNG is being used. A good post with links to good reads.

Encryption: IV Generation
Encryption is effected because the entire point of an Initialization Vector is to provide more randomness into the crypt context without rekeying.

Encryption: Key Generation
I feel like this should be obvious, if your key is predictable in any way then what's the point in encryption? Any public key cryptography used to protect the key is invalidated because now the key can be derived, and communications decrypted.

Public/Private Key Generation Weak key generation for asymmetric cryptography is extremely bad. If you can derive a private key it can be used to impersonate people or servers. Signed data with that certificate is now distrusted. Any session keys exchanged with its public key to encrypt data can now be exposed.

Integrity Hashes These can be indirectly effected if you're using an HMAC, this goes back to bad key derivation. If the integrity key can be derived, then an attacker can insert data into a stream and it will be accepted on the other side as legit data.

Now performing attacks against these weaknesses aren't always the easiest, but they're all doable. It depends on the protocol that's being used, how much other data is needed, etc. In a protocol like SSL/TLS you need data from both sides, plus the key shared in order to derive all keys. I hope this answers your question, I'd be happy to answer in more detail if you'd like.

Examples of when RNGs went wrong.

Community
  • 1
RoraΖ
  • 12,457
  • 4
  • 52
  • 84
0

A secure random source is the most critical aspect of a security infrastructure. Without a proper entropy source you are lost. Hashing in principle is not affected but the private/public key pair which is used to encrypt the hash with is and therefore a digital signature can no longer be trusted. The biggest problem with random generators is that it's hard to detect whether a random generator is good or not. Something that might look random might actually not be random at all (for example the random generator bug in Debian in 2008 was not easilly detected). Since it's hard to detect problems with random generators it's also the most likely attack vector for any 3 letter organisations (look for example at Dual_EC_DRBG). If you want to be safe, it might help to use multiple random sources and xor them one after the other.

martijnbrinkers
  • 690
  • 4
  • 7
  • Apart from stating that hashing isn't affected, you aren't answering the question. And part of what you're saying is wrong. Signatures, for example, may or may not be affected — you can have a reliable signature without an RNG, it's the key generation that intrinsically requires an RNG. – Gilles 'SO- stop being evil' Aug 05 '14 at 18:48