Monthly Archives: February 2016

Thoughts About PRNGs and some Attack Models

For a while now I’ve been thinking about randomness and uniform data sets. Believe it or not, it’s a really fascinating subject, but at the same time really complicated. So in this post I’m going to talk about some models of attacking it. So let’s start!

I suggest that you read this article first if you don’t know what PRNGs are.

The idea behind PRNGs is to provide random values that are hard to predict, but as I mentioned earlier, computers are deterministic machines, so it is difficult to get new, real random data. In this case we need some algorithm to give us real random data. Most of these algorithms have an ‘internal state’ to seed the generator, and this internal state should be updated every time to ensure that the next round gives different data. In practice this is very easy to do: you can use a hash function for it.

Attacks:

There is a straightforward method, which simply requires the attacker to reconstruct the internal state from the output of the function. Personally I think this is a classic attack and you can’t guarantee the output every time, but maybe the attacker can succeed if there is any flaw in the implementation. That is a story for another day; for now let’s assume that the system is really good “smiley face”…

Issue number 2: let’s assume that the computer has just booted. This means that it does not have enough entropy to take a seed from, so you will end up with predictable values.

Issue number 3: let’s assume that you managed to feed the pool with different events, like mouse movement or any other type of event. You will still have a small amount of entropy, and the attacker can simply make many requests to reconstruct the internal state.

So the best defense against these problems is to have a large amount of entropy, so you can mix it and feed it to the internal state and make the attacker guess, let’s say, over 2^128. But this is just a theoretical solution; estimating the amount of entropy is kind of difficult. At least you get the idea: you have to consider a large amount of entropy, and you have to consider it in the implementation phase.
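The low-entropy seeding problem and the 2^128 target described above, as an added example that is not code from the original post. `HashPRNG`, `recover_seed`, `predict_next` and the 16-bit boot-time seed are assumptions constructed for illustration; the point is that a hash-updated state is only as unpredictable as the seed space behind it.

```python
import hashlib
import os

class HashPRNG:
    """Toy generator (hypothetical): internal state is updated with a hash each round."""
    def __init__(self, seed: bytes):
        self.state = hashlib.sha256(b"seed" + seed).digest()

    def next_block(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"upd" + self.state).digest()  # state update
        return out

def recover_seed(first_output: bytes, seed_bits: int):
    """Enumerate every seed of seed_bits bits; return the matching one, or None."""
    nbytes = (seed_bits + 7) // 8
    for guess in range(1 << seed_bits):
        seed = guess.to_bytes(nbytes, "big")
        if HashPRNG(seed).next_block() == first_output:
            return seed
    return None

def predict_next(seed: bytes, already_seen: int) -> bytes:
    """With the seed known, replay the generator to get the next block."""
    gen = HashPRNG(seed)
    for _ in range(already_seen):
        gen.next_block()
    return gen.next_block()

def demo():
    # Constructed scenario: a freshly booted machine with only 16 bits of seed entropy.
    weak = HashPRNG((0xBEEF).to_bytes(2, "big"))
    observed = weak.next_block()
    seed = recover_seed(observed, 16)          # 2^16 guesses, well under a second
    weak_predicted = predict_next(seed, 1) == weak.next_block()

    # Same generator seeded with 128 bits from the OS: the same search budget finds nothing.
    strong = HashPRNG(os.urandom(16))
    strong_predicted = recover_seed(strong.next_block(), 16) is not None
    return weak_predicted, strong_predicted

if __name__ == "__main__":
    print(demo())
```

The hash construction is identical in both runs; only the amount of seed entropy changes whether the next output can be predicted.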

Anyway, I think you got the idea that achieving true randomness is really hard, and if you mess it up your whole system will fall apart.

What is New in Crypto Ghost?

Hello people who care about privacy!!!

Finally I had time to update Crypto Ghost, and honestly I’m really happy with this update. In this post I’m going to explain the latest development. So what’s new?

First of all, I added a new feature: “Removing Images Metadata”. So what is image metadata?

With every image you take, some information is stored along with it, and this information is considered dangerous for those who care about privacy. For example, the image could contain GPS coordinates!! There is more, and if you are interested you can read about it here. Bottom line: use Crypto Ghost to remove it from your photos. “How simple is that”.

The second feature is removing the cache after every process. This wipes any information that Crypto Ghost may leave behind after any process, which is good for preventing offline attacks.

Yes, one more thing: I fixed some programming bugs.

Happy Encrypting.