Researchers say web encryption number generators are not strong enough

The systems used to create random numbers for web encryption aren’t tough enough, according to researchers.

Generating scrambled numbers is an essential security measure used to prevent online fraud and identity theft.

Vulnerabilities of the system

Security analyst Bruce Potter and researcher Sasha Wood presented their evidence at the Black Hat security event that was recently held in Las Vegas. The gathering is a well-known fixture on the social calendar of hackers and digital security experts.

The pair’s study found weaknesses in widely used software on Linux-based web server systems that creates strings of data used as a “seed” for generating random numbers.

Pools of data

Generating unpredictable random numbers involves a server using mouse movements and keyboard presses, among other stimuli, to create a binary stream of numbers. This “pool” of data is the basis of the actual number generation.

Potter explained that “entropy” is the key factor in the process, using the example of an unshuffled pack of cards being predictable but a shuffled pack having more entropy because it’s harder to know where each card is.

The same is true of data pools: the higher the entropy, the harder it is to predict the random number that will be produced.
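As an added illustration (not part of the original article or the researchers' material), the sketch below works through that point: when a seed carries only a few bits of entropy, every key derived from it falls in a small, enumerable set, however long the key is. The SHA-256 derivation, the 12-bit seed size and all function names are assumptions chosen for the example.

```python
import hashlib
import math


def derive_key(seed: int, seed_bits: int) -> bytes:
    """Stand-in generator (assumption): stretch a seed into a 128-bit key."""
    raw = seed.to_bytes((seed_bits + 7) // 8, "big")
    return hashlib.sha256(raw).digest()[:16]


def reachable_keys(seed_bits: int) -> set:
    """Every key the generator can emit when the seed holds only seed_bits of entropy."""
    return {derive_key(s, seed_bits) for s in range(2 ** seed_bits)}


def effective_strength_bits(seed_bits: int) -> float:
    """Guessing effort is bounded by the count of reachable keys, not the key length."""
    return math.log2(len(reachable_keys(seed_bits)))


def deck_entropy_bits(shuffled: bool) -> float:
    """The card analogy: a known order has 0 bits, a uniform shuffle has log2(52!)."""
    return math.log2(math.factorial(52)) if shuffled else 0.0


def audit_key(key: bytes, seed_bits: int) -> bool:
    """Defender's check: does this key belong to the set a starved seed can produce?"""
    return key in reachable_keys(seed_bits)


if __name__ == "__main__":
    starved_bits = 12  # constructed value standing in for an entropy-starved pool
    key = derive_key(1234, starved_bits)
    print("key length in bits:     ", len(key) * 8)
    print("effective strength bits:", effective_strength_bits(starved_bits))
    print("shuffled deck bits:     ", round(deck_entropy_bits(True), 2))
    print("key flagged as weak:    ", audit_key(key, starved_bits))
```

The key is 128 bits long in both cases; only the entropy of the seed determines how many candidates an observer has to consider.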

Linux servers pose risk

Potter went on to say that the entropy of the data streams on Linux servers was often very low because of a lack of raw information, adding that server security software did little to check the level of entropy.

“This seemed like just an interesting problem when we got started but as we went on it got scary,” said Potter.

