How not to generate random numbers

Nadia Heninger
University of Pennsylvania

Randomness is essential to cryptography: cryptographic security depends on private keys that are unpredictable to an attacker. But how good are the random number generators that are actually used in practice? In this talk, I will discuss several large-scale surveys of cryptographic deployments, including TLS, SSH, Bitcoin, and secure smart cards, and show that random number generation flaws are surprisingly widespread. We will see how many of the most commonly used public key encryption and signature schemes can fail catastrophically if used with faulty random number generators, and trace many of the the random number generation flaws we encountered to specific implementations and vulnerable implementation patterns.

Slides:

Click here to download the slides for this presentation.

Videos:

• Join the live presentation. Wednesday May 13, 4:15-5:30.  Requires Microsoft Windows Media player.
• View video by lecture sequence. Spring 2015 series only, HTML5. Available after 8PM on the days of the lecture.
• View Video View video on YouTube.

About the speaker:

Nadia Heninger is an assistant professor in the Computer and Information Science department at the University of Pennsylvania. Her research focuses on security, applied cryptography, and algorithms. She is best known for her work identifying widespread entropy problems in cryptographic keys on the Internet (2012 Usenix Security best paper award), and developing the "cold boot" attack against disk encryption systems (2008 Usenix Security best student paper award). Previously, she was an NSF Mathematical Sciences Postdoctoral Fellow at UC San Diego and a visiting researcher at Microsoft Research New England. She received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley.

Contact information:

Nadia Heninger
Computer and Information Science
University of Pennsylvania