How not to generate random numbers

Randomness is essential to cryptography: cryptographic security depends on private keys that are unpredictable to an attacker. But how good are the random number generators that are actually used in practice? In this talk, I will discuss several large-scale surveys of cryptographic deployments, including TLS, SSH, Bitcoin, and secure smart cards, and show that random number generation flaws are surprisingly widespread. We will see how many of the most commonly used public key encryption and signature schemes can fail catastrophically if used with faulty random number generators, and trace many of the the random number generation flaws we encountered to specific implementations and vulnerable implementation patterns.

Speaker: Nadia Heninger, Univ. of Pennsylvania

Editor's Note: This talk is listed on the home page with a date of 5/13.  However, on the abstract page it is listed for 4/29.  Since another lecture in this series occured on 4/29, we believe the 5/13 date is correct, but you should verify this with Stanford before attending.