Questions tagged [random]
The generation of random or pseudorandom data, and the use of randomness in security protocols
399 questions
1
vote
3
answers
557
views
Does deterministically random PIDs solve the problems of truely random PIDs?
This can be considered a follow up to Do randomized PIDs bring more security?
A major problem with random PIDs is that they repeat more quickly than sequential PIDs, but in cryptography, we can ...
- 402
12
votes
3
answers
4k
views
Why shred before LUKS disk encryption?
I read the following article and it says to "Stuff random data to the device" (using shred) before encrypting with LUKS.
How to enable LUKS disk encryption with keyfile on Linux
Why would ...
- 121
1
vote
0
answers
515
views
What was the "random" number Sony used for the PS3?
I've read that fail0verflow was able to hack the PS3 because Sony used a static number for the random number generator.
I'm just really curious, what number was used? 42? 4? 7669773?
Please note that ...
- 111
11
votes
3
answers
2k
views
Why might RDRAND not be safe to use when the rest of the system is?
In Linux, the RDRAND instruction is used, but taken with a grain of salt, in that it is used as only one of several sources of entropy for a CSPRNG. It is used in this way over concerns that the ...
- 1,378
1
vote
0
answers
114
views
Usage of Mt_Rand in PHP
I am creating an exericse for my users, where I am trying to tell them that using mt_rand() is not a good option from security point of view. What I did is that I showed them a normal user who gets a ...
- 343
0
votes
2
answers
235
views
Is PHP's mt_rand function insecure on every platform?
I was going through this article, https://www.ambionics.io/blog/php-mt-rand-prediction, which claims that if we use mt_rand(), we can get the seed value using two values instead of brute forcing.
In ...
- 343
0
votes
0
answers
73
views
exfiltred .rnd file exploitation
Context
During a CTF, as www-data, I managed to exfiltrate an .rnd file used by phpseclib on a PHP app (I exfiltrated the entire app). Since SSHD is configured with PubkeyAuthentication yes and ...
- 111
0
votes
1
answer
304
views
Predicting math.random after math.floor
I know math.random() in javascript can be predicted if you know the exact outputs of it, but if I only know what it gives after doing math.floor(100 / (1.0001 - Math.random())), how would I use this ...
1
vote
0
answers
27
views
Is it ok to use NativePRNGNonBlocking SecureRandom for making jwt? [duplicate]
I'm developing jwt auth feature with Spring WebFlux. And, I found the blocking calls in jjwt library by using BlockHound.
The reason of blocking calls was SecureRandom use /dev/random to make random ...
- 11
15
votes
4
answers
6k
views
Security of a non-random password that relies on information an attacker cannot possibly know
I am trying to determine whether a non-random password that relies on information an attacker cannot possibly know can be secure.
For example, let’s say that I generate my password by putting together ...
- 569
0
votes
0
answers
54
views
What is a secure way to create a random number in Typescript? [duplicate]
I want to create a function that returns a random number in a given range, what is a secure way of doing that?
- 73
-1
votes
1
answer
151
views
Is encoding random with module insecure? [closed]
The ID library Nano ID claims that modulo based encoding (e.g. Base64) would lead to uneven distribution in the output:
Uniformity. random % alphabet is a popular mistake to make when coding an ID ...
- 99
0
votes
2
answers
2k
views
Can UUID v7 be treated as a unguessable, opaque identifier?
RFC4122bis specifies UUID v7, a version which contains 74 bits of randomness.
Assuming I use a CSPRNG to generate the random bits: Are these UUIDs considered to be unguessable and are enough to ...
- 115
0
votes
0
answers
27
views
Any idea on how this 36 character long string generated? [duplicate]
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3", I have checked some hash functions but cannot make sure how this generated? Is this just random string generated with [a-zA-z0-9]?...
- 101
1
vote
1
answer
295
views
Which algorithm does CryptGenRandom use on my laptop?
I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. To generate random numbers, I use the CryptGenRandom function. ...
- 113