entropy – Page 12 – WindowsTechs.com

Entropy and The Arduino: When Clock Jitter is Useful

Posted on January 8, 2018 by Jenny List

What do you do, when you need a random number in your programming? The chances are that you reach for your environment’s function to do the job, usually something like rand() or similar. This returns the required number, and you go happily on your way.

Except of course the reality isn’t quite that simple, and as many of you will know it all comes down to the level of randomness that you require. The simplest way to generate a random number in software is through a pseudo-random number generator, or PRNG. If you prefer to think in hardware terms, the …read more

Continue reading Entropy and The Arduino: When Clock Jitter is Useful→

multiple dice ware lists to make memorable passphrases?

Posted on December 29, 2017 by Some Guy

I understand the basics of why diceware produces good security and why seven word passphrases are a good idea these days.

The EFF has helpfully produced updated diceware lists that eliminate lots of the hassle of memorizing … Continue reading multiple dice ware lists to make memorable passphrases?→

How was the concept of password entropy developed?

Posted on December 1, 2017 by Aengus

I understand how to calculate password entropy and what the Length and Character values represent. I also have a reasonable understanding of other types of entropy (e.g. Shannon). However, password entropy seems to be conside… Continue reading How was the concept of password entropy developed?→

How was the concept of password entropy developed?

Posted on December 1, 2017 by Aengus

VU#817544: Windows 8 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard

Posted on November 17, 2017 by CERT

Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR. Continue reading VU#817544: Windows 8 and later fail to properly randomize all applications if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard→

VU#817544: Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard

Posted on November 17, 2017 by CERT

Microsoft Windows 8 introduced a change in how system-wide mandatory ASLR is implemented. This change requires system-wide bottom-up ASLR to be enabled for mandatory ASLR to receive entropy. Tools that enable system-wide ASLR without also setting bottom-up ASLR will fail to properly randomize executables that do not opt in to ASLR. Continue reading VU#817544: Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard→

Check the "security" of a password [on hold]

Posted on November 14, 2017 by SaAtomic

I’m trying to find a tool to validate the security of a password and I’ve come across cracklib or libcrack2 (on Debian), which seems to be used a lot for the task and appears to do exactly what I wanted.

However, it does not… Continue reading Check the "security" of a password [on hold]→

What is Entropy and How Do I Get More of It?

Posted on November 2, 2017 by Elliot Williams

Let’s start off with one of my favorite quotes from John von Neumann: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

What von Neumann is getting at is that the “pseudo” in pseudorandom number generator (PRNG) is really a synonym for “not at all”. Granted, if you come in the middle of …read more

Continue reading What is Entropy and How Do I Get More of It?→

Approximately how much entropy in each of these low entropy sources?

Posted on October 11, 2017 by EPICI

We need a lot of entropy. Let’s be a little unrealistic and assume that we don’t have access to entropy pools like dev/random, and must do all the entropy collection ourselves. The program is running on a user’s computer, but… Continue reading Approximately how much entropy in each of these low entropy sources?→

On an embedded system with no external input, can haveged provide entropy?

Posted on October 9, 2017 by Cybergibbons

Take an example embedded system:

Microprocessor
Flash memory
SDRAM

There is no UI and no network connection.

Can the CPU timing jitter that is used by haveged provide adequate true entropy to seed /dev/urandom?

Continue reading On an embedded system with no external input, can haveged provide entropy?→