
The random-number generators that power Web encryption are dangerously weak

Someone should probably fix this.


Eric Geller


Posted on Aug 10, 2015   Updated on May 28, 2021, 4:52 am CDT

Cybersecurity experts have found a potentially dangerous flaw that goes straight to the root of online encryption.

Research presented at the Black Hat security conference in Las Vegas, Nevada, last week revealed that the Linux software behind the most widely used random-number generators does not produce sufficiently random numbers. When the stream of numbers underlying encryption is not truly random, an attacker who can predict that stream can break the encryption far more easily.

The unpredictability of a random-number source is measured as a quantity called entropy. But according to Bruce Potter, one of the computer scientists who conducted the study, the Linux servers that run the most popular random-number generators possess very low entropy.


These servers generate random numbers by collecting large amounts of unpredictable input data and transforming it into a number stream that encryption tools can use. The less unpredictable input they collect, the less random their output will be. Potter’s study found that they were relying on surprisingly little input.

Potter also noticed that these servers weren’t checking entropy levels, meaning that they weren’t verifying how reliable their random-number streams were.
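The two checks the article says were missing, as an added example that is not from the talk or the article: it reads the Linux kernel's own entropy estimate and applies a floor (the 256-bit minimum is an assumed policy value), and it computes an empirical entropy estimate over a sample of generator output. Newer kernels report a fixed pool value, so the pool check is most meaningful on older kernels like those in the 2015 study.

```python
import math
import os
from collections import Counter
from typing import Optional, Tuple

# Files exposed by the Linux kernel's random subsystem.
ENTROPY_AVAIL = "/proc/sys/kernel/random/entropy_avail"
POOL_SIZE = "/proc/sys/kernel/random/poolsize"


def read_kernel_entropy() -> Optional[Tuple[int, int]]:
    """Return (available_bits, pool_size_bits), or None when not on Linux."""
    try:
        with open(ENTROPY_AVAIL) as avail, open(POOL_SIZE) as pool:
            return int(avail.read()), int(pool.read())
    except OSError:
        return None


def assess_pool(avail: int, poolsize: int, min_bits: int = 256) -> str:
    """Classify the kernel's estimate against an assumed floor of min_bits."""
    if poolsize <= 0 or avail < 0 or avail > poolsize:
        return "invalid"
    return "low" if avail < min_bits else "ok"


def shannon_bits_per_byte(sample: bytes) -> float:
    """Empirical Shannon entropy of a byte string; 8.0 means uniform bytes.

    A low value proves the output is poor; a high value only means the sample
    passed this crude test, not that the source is unpredictable.
    """
    if not sample:
        return 0.0
    n = len(sample)
    return -sum(c / n * math.log2(c / n) for c in Counter(sample).values())


if __name__ == "__main__":
    pool = read_kernel_entropy()
    if pool is None:
        print("kernel entropy counters not available on this system")
    else:
        print(f"pool: {pool[0]}/{pool[1]} bits -> {assess_pool(*pool)}")
    # Constructed samples: a stuck generator beside the OS generator.
    print("stuck output:", shannon_bits_per_byte(b"\x00" * 4096))
    print("os.urandom  :", round(shannon_bits_per_byte(os.urandom(65536)), 3))
```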

Potter and Sasha Wood, a senior engineer at KEYW Corporation, where Potter is CTO, presented a talk called “Managing and Understanding Entropy Usage” at this year’s Black Hat conference. “If there’s one theme in the work we did,” they noted early in their presentation, “it’s ‘no one really understands what’s happening with respect to entropy and randomness in the enterprise.’”

Random-number generators are one of the least discussed but most crucial building blocks of the encryption that secures billions of people’s emails and documents. Attempts to undermine encryption have, in many cases, focused on these basic systems.

In 2006, the NSA built a pseudorandom-number generator whose output it could predict. The spy agency then convinced a government body to recommend its adoption across industries and federal agencies. That standard, called Dual_EC_DRBG, fatally compromised the encryption in every product that relied on it by exposing it to NSA surveillance. Using its private knowledge of how the generator produced its numbers, the NSA could defeat any encryption built on top of the standard.

The resulting disclosure of the “backdoor” in Dual_EC_DRBG forever changed the relationship between private security engineers and the government’s technical-standards group, the National Institute of Standards and Technology (NIST). It is too early to know how businesses will change in response to Potter and Wood’s research.

H/T BBC | Photo via opengridscheduler/Flickr (PD)

First Published: Aug 10, 2015, 1:11 pm CDT