Collaborate Disseminate
Hi everybody I am developing an image captcha system as a side project something like hcaptcha/Recaptcha – image classification/object localization.
I have a few questions regarding the security of such a system.
Is it acceptable to use p… Continue reading Security consideration for CAPTCHA system
An application generates codes using digits. The code is between 10.000 and 999.999
If I generate 1000 codes, ~9,09% of the codes have 5 digits. That means the codes are generated random, but are not cryptographically secure.
My question i… Continue reading Predicting the next code
Proper security algorithms demand true random numbers. For instance, secret keys & initialization vectors should never not be true random.
However, generating numbers using Java’s Random library or C’s srand() initialization & then… Continue reading Pseudorandom vs. True Random
I’m using php, but the general question applies to any confirmed cryptographically secure pseudo-random string concatenated with a non-cryptographically secure string.
I know random_bytes generates a cryptographically secure string
I know … Continue reading Does combining a non-cryptographically secure string with a cryptographically secure string result in a cryptographically secure string?
On FreeBSD and recent releases of macOS, Fortuna is used.
What about Debian?
I was trying to verify the expected value formula in java.
I did something very trivial, I simulated the roll of a dice, but I mapped each side to a specific value. So each value has probability of 1/6.
The expected value was determined as… Continue reading Simulating a dice throw with threadlocalrandom does not converge to the expected value [closed]
Is it possible to programmatically generate different hash functions? Of course, it is. We can simply tweak the numerical parameters of the hash function. But is there a known way to generate secure hash functions programmatically? I got a… Continue reading Is there a way to programatically generate new hash functions that are secure?
Let’s say you cat /dev/random or /dev/urandom all day from boot to system shutdown, either redirecting the output to a file, or just catting it (in a terminal, or whatever) doesn’t matter. Is this insecure, or a bad idea? If so, why?
Revea… Continue reading Is it bad to reveal random bytes from a system?
I’ve read that Blum Blum Shub is a CSPRNG, defined by x_n+1 = x_n^2 mod M. I didn’t understand, and couldn’t find any sources on, how big should M be.
Are 32 bits enough? 64 bits? Or are even more bits required?
Thanks.
Continue reading How big does M need to be in Blum Blum shub? [migrated]
We can get the N+1th term for a Linear Congruence Generator like this:
x[n+1] = A * x[n] (mod m)
by raising the A to the exponent of n like this:
x[n+1] = A**n * x[0] (mod m)
Assume A=48271 and m=2**31 – 1
Suppose the generator changes t… Continue reading Nth term for Linear Congruence Generators