IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [pseudo-random-number-generator]

A pseudorandom number generator (PRNG) is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers.

A PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the PRNG's seed (which may include truly random values). Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom number generators are important in practice for their speed in number generation and their reproducibility.

A PRNG suitable for cryptographic applications is called a cryptographically secure PRNG (CSPRNG). A requirement for a CSPRNG is that an adversary not knowing the seed has only negligible advantage in distinguishing the generator's output sequence from a random sequence.

24 questions
1
vote
2 answers

Why are cryptographically secure random number generators required for shared keys?

As I understand, key exchange for secure communications like TLS has a client take a server's public key, generate a random AES key and send that as a shared key for further communication. The key is generated using a cryptographically secure random…
muke
  • 135
  • 2
1
vote
2 answers

If I seed a CSPRNG with a truly random number and call the output, does this make the number more, less or equally "random"?

If I have a JavaScript CSPRNG such as isaac.random(), and I seed it using a truly random number T as such: isaac.seed(T), does this make the result of the CSPRNG more, less, or equally random? I would imagine that with a CSPRNG such as isaac,…
Display Name
  • 71
  • 5
0
votes
0 answers

ChaCha Single-Use RNG with All Zero Plaintext + Nonce

I am creating an internal application that will be used to generate and manage self-signed certificates and certificate authorities. Its primary use will be for generating certificates used in SSL decryption by my clients' firewalls. My goal is to…
Goodies
  • 135
  • 1
  • 8
0
votes
1 answer

Why can't you use True Random Number Generator (TRNG) to generate key stream in Stream Ciphers?

I read in the book that you cannot use True Random Number Generator (TRNG) to generate key stream in Stream Ciphers: We need some type of random number generator to derive the key stream. First, we note that we cannot use a TRNG since, by…
Rodion Iskhakov
  • 103
  • 1
  • 5
0
votes
0 answers

Security consideration for CAPTCHA system

Hi everybody I am developing an image captcha system as a side project something like hcaptcha/Recaptcha - image classification/object localization. I have a few questions regarding the security of such a system. Is it acceptable to use…
Damian Grzanka
  • 101
  • 1
0
votes
1 answer

Generating tokens via PRNG and Hashing

We are using Java and we are planning to create a reusable API that can be used to generate and validate custom tokens. This is how we will do it Step 1: Generate a random number using a good a CSPRNG (Cryptographically Secure Pseudorandom Number…
lecarpetron dookmarion
  • 141
  • 1
  • 2
-1
votes
1 answer

What is "environmental noise"?

I'm looking at way to generate random numbers for cryptographic purposes. More specifically, I looked at the Linux /dev/urandom function, which is considered a real random number generator. There are others number generators such as the glibc rand()…
Sam The Sid
  • 1
  • 2
-1
votes
1 answer

owasp zap api with generate param

my api is: localhost/api/aut/1111111111111111 I wanted a script that generate a code of 16 numeric and test possibility the result 200 or 404
Grenoblois
  • 103
  • 1
-5
votes
2 answers

Is there a way to programatically generate new hash functions that are secure?

Is it possible to programmatically generate different hash functions? Of course, it is. We can simply tweak the numerical parameters of the hash function. But is there a known way to generate secure hash functions programmatically? I got an idea for…
Teodor Dyakov
  • 91
  • 2
1
2