Monthly Archives: June 2015

How Pseudo Random Number Generators Works

In any system that we develop we sometime need to generate random numbers or random values so we will use any random generator without asking if it’s really providing real randomness or not, And also when we deal with cryptography we need to use a random generator but this time we will check what if this function will generate a real randomness or not and we will examine the generated values to check that, Why we do that ?,  Because we are dealing with critical information and we really need some uniform data set to work with.

So what is Pseudo Random Number Generator ?

Pseudo Random Number Generators (PRGs/PRNGs)

A PRG is an efficient deterministic algorithm that expands a short, uniform seed into a longer pseudo random output.

And this is good whenever you have small number of true random bits, and you want to expand it and you want to have lots of “random looking” bits

Okay did you ask yourself from where we get this random values ?

generating random values it’s difficult for a computer to generate and that because computers are deterministic machines and can’t produce random values by it’s own so scientists found a way to collect random events like (mouse movements, CPU clock cycles, Hard drive heat , …) and so on.

And this data will be stored in something called the “pool” and this pool it consist of high entropy data, So when ever you want a random data you will be extracting values from the pool.

the second step will take this high entropy data and process it to yield a sequence of nearly independent and unbiased bits, the second step is necessary since high entropy data is not necessarily uniform.

I hope this post gave you a glance of how pseudo random number works and why they are important.

 

Why using non-Random IVs in CBC mode will count as vulnerability ?

Cipher Block Chaining “CBC”

IBM invented the Cipher Block Chaining (CBC) mode of operation in 1976, In CBC mode, each block of plaintext is XORed with the previous ciphertext block before being encrypted. This way, each ciphertext block depends on all plaintext blocks processed up to that point. To make each message unique, an initialization vector must be used in the first block.[1]

601px-CBC_encryption.svg

CBC_decryption

So if you encrypt 2 messages  starting with the same block with the same IV the resulting cipher will be the same so in this case will not be secure !

But why we can’t use a sequential  IV for example  ?? did you think about that ? the IV  will be different every time right? no  you guessed wrong let me demonstrate this issue for you

To demonstrate this let me give you an example about a questionnaire website so the application will have a lot of check boxes and this questionnaire will be sent to a third party organization and the data is already been encrypted so even though he is the admin of the website, he only has access to the cipher text.

In CBC, the IV is XORed (noted by “⊕” below) with the plain text, then run through the block cipher: C1 = Ek(IV ⊕ P1).

Since the Admin can access the cipher text and the IVs are predictable  he can choose questionnaire of his choice and apply the predicted IVs the admin’s  (IVadmin) and customer’s (IVcustomer),  he can choose the plain text for his own questionnaire  like this: Padmin = IVadmin ⊕ IVcustomer ⊕ “false”

The System encrypts this plain text like this:

Cadmin = Ek(IVadmin ⊕ Padmin) = Ek(IVadmin ⊕ (IVadmin ⊕ IVcustomer ⊕ “false”))

The IVadmin ⊕ IVadmin cancels out, which means that Cadmin = Ek(IVcustomer ⊕ “false”)

Now admin can compare Cadmin and Ccustomer. If they are different, he knows that the customer  must have entered “true” for that particular question.

But if the system used a Random IV every time this attack will be useless because the admin can’t predict the IV and can’t predict the answer

And you can see this point clearly in real example protocols like  WEP,  WEP  is vulnerable and now other protocols such as WPA2 is used.

I hope that this post was helpful for you.