Collaborate Disseminate
I need to randomly pick 10 numbers from 1 to 2000. It is very important that this rng cannot be predicted/hacked in any way. Would this be a safe/proper way to do it:
int randomInt;
SecureRandom random = new SecureRandom();
for (int i = 1;… Continue reading SecureRandom safety?
Math — and some clever simulations — have revealed how many shuffles are required to randomize a deck of 52 cards, but there’s a bit more to it than that. …read more Continue reading Math Reveals How Many Shuffles Randomizes a Deck
I’m the maintainer of pypdf, a Python library for reading/manipulating PDF documents. I recently discovered that pypdf used random instead of secrets for …
Generating the initialization vector (IV) in AES
As part of generating the U-Val… Continue reading Is using weak random numbers for the initialization vector of AES just a theoretical issue?
If I generate a large true random number and I seed a CSPRNG with it, then can the output of this CSPRNG be used anywhere where there is a need for a true random number?
For example, if Alice and Bob both know the seed, then could the outp… Continue reading Randomness of seeded cryptographically secure random number generator
If I generate a large true random number and I seed a CSPRNG with it, then can the output of this CSPRNG be used anywhere where there is a need for a true random number?
For example, if Alice and Bob both know the seed, then could the outp… Continue reading Randomness of seeded cryptographically secure random number generator
Today this came to my attention.
When generating random secrets for e.g. JWT (in node.js the most common way is using the crypto.randomBytes() method), I have noticed a lot of people save these tokens in a base64-encoded manner (i.e. crypt… Continue reading Randomly generated secrets: encoding the random bytes in base64 vs keeping them
was trying to brute force a random number generated by the ruby method rand which generated a random float number between 0.0 and 1.0 excluding 1.0.
so for example I have this code:
Time.now.to_s.split(//).sort_by {rand}.join
this produce… Continue reading brute forcing a pseudoRandom number Generator
I am using the following line of code to create a reset password code sent to the user in her/his email. when scanned with brakeman to my ruby code, this line of code is catched and describes it as it is vulnerable.
this is the line of cod… Continue reading exploiting the scenario and how to generate a secure reset password token
Random messages were sent to the following numbers
07065888830
07900031921
07208088410
UPIACT #Q5ò&V#&XOS&*3o&&514&&2#Z##
JP7 Q6NH1GAn96bCK6vXX8JCkg63RLTEvU9mze8Chn*
received message from axis and icici … Continue reading Random messages sent from Airtel number to unknown numbers without my permission [closed]
I’ve been obsessed with figuring out Math.random in JavaScript and how it works. because how could you imagine a computer picking a random number? Where does the number come from?
But now I realized crypto.getRandomValues does not use rand… Continue reading How does `crypto.getRandomValues` work in JavaScript, and how is it different from `Math.random`?