http://www.theregister.co.uk/2015/08/11/your_numbers_arent_random_says_infosec_boffin/
By Richard Chirgwin
The Register
11 Aug 2015

The randomness (or rather, lack thereof) of pseudo-random number
generators (PRNGs) is a persistent pain for those who work at the low
layers of cryptography.

Security researcher Bruce Potter, whose activity in the field stretches
back more than a decade, when he demonstrated war-driving using Bluetooth,
says problems both in design and implementation undermine the
effectiveness of common crypto libraries.

Now Potter's work (his BlackHat presentation is here [PDF]) has led to the
claim that nobody really understands what's going on.

Part of the problem, he writes, is that people tend to conflate “entropy”
with “randomness”, when in fact the two mean different things: entropy is
a measurement of the uncertainty of an outcome, while randomness is a
long-term assessment of entropy.

[...]