Roll the Bones Chernobyl Style

We’re suckers for the Fallout aesthetic, so anything with a post-apocalyptic vibe is sure to get our attention. With a mid-century look, Nixie tubes, a brushed metal faceplate, and just a touch of radioactivity, this quantum random number generator pushes a lot of design buttons, and it pushes them hard. …

Twitter RNG is Powered By Memes

Twitter is kind of a crazy place. World leaders doing verbal battle, hashtags that rise and fall along with the social climate, and a never ending barrage of cat pictures all make for a tumultuous stream of consciousness that runs 24/7. What exactly we’re supposed to do with this information is still up to debate, as Twitter has yet to turn it into a profitable service after over a decade of operation. Still, it’s a grand experiment that offers a rare glimpse into the human hive-mind for anyone brave enough to dive in.

One such explorer is a security researcher …

What is Entropy and How Do I Get More of It?

Let’s start off with one of my favorite quotes from John von Neumann: “Any one who considers arithmetical methods of producing random digits is, of course, in a state of sin. For, as has been pointed out several times, there is no such thing as a random number — there are only methods to produce random numbers, and a strict arithmetic procedure of course is not such a method.”

What von Neumann is getting at is that the “pseudo” in pseudorandom number generator (PRNG) is really a synonym for “not at all”. Granted, if you come in the middle of …

DUHK Attack Exposes Gaps in FIPS Certification

The DUHK Attack leverages a 20-year-old random number generator flaw to recover private keys. More pertinent, researchers said, is that the flaw exposes gaps in the FIPS certification process.

Hardening Software RNGs with Don Pezet, ITProTV – Paul’s Security Weekly #522

This is a random technical segment on implementing random number generators in Linux. Don shows us the ins and outs of the entropy pool, the difference between /dev/random and /dev/urandom, and some awesome hardware that can increase entropy.

The post Hardening Software RNGs with Don Pezet, ITProTV – Paul’s Security Weekly #522 appeared first on Security Weekly.

GPG Patches 18-Year-Old Libgcrypt RNG Bug

New versions of GPG and its crypto library Libgcrypt were released on Wednesday addressing a vulnerability that could allow an attacker to predict Libgcrypt RNG output.