Much Ado About Randomness Aleksandr Yampolskiy, Ph.D.
Randomness Random number generation is easy to get wrong.
In Theory
In Practice
Example #1: X Windows “magic cookie” used a weak LCG generator and was guessable in X11R6.
Example #2: Jetty 4.2.26 used java.util.Random to generate a predictable session ID which could be brute-forced.
Example #3: In 1996, two UC Berkeley students reverse-engineered and exploited Netscape 1.1.
Lessons Learnt
Two Types of Randomness
What is (Pseudo)-Random? [Diagram: random seed (1001) → PRG → pseudorandom string (01010111001)]
What is (Pseudo)-Random? (cont.) [Diagram: random seed (1001) → PRG → pseudorandom string (01010111001); the pseudorandom string and a random string (11010011010) look indistinguishable to any efficient observer.] Definition [Blum-Micali-Yao]: PRG is a polytime function whose output is indistinguishable from random by any efficient observer.
Attacking Weak PRGs: Find programs with weak PRG; Break-in; Guess the initial seed of a PRG; Guess the state of a PRG
Finding programs with weak PRG
Finding programs with weak PRG (cont.)
Know Weak API
Reverse Engineering The Binaries

    root# javap -c BadRandom | grep Random
    Compiled from "BadRandom.java"
    public class BadRandom extends java.lang.Object{
    public BadRandom();
       0: new #2; //class java/util/Random
       4: invokespecial #3; //Method java/util/Random."<init>":()V
       24: invokevirtual #9; //Method java/util/Random.nextInt:()I

Reverse Engineering the Binaries

    root# strings bad_random
    __gmon_start
    libc.so.6
    _IO_stdin_used
    srand
    time
    printf

    root# nm bad_random | grep rand
             U rand@@GLIBC_2.0
             U srand@@GLIBC_2.0

Analyzing the Output Without Binaries
java.util.Random [Figure: “Random” points plotted on a cube using the infamous RANDU algorithm.]
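java.security.SecureRandom: SHA1PRNG + Thread Scheduling

    // Counts how often a thread can yield within a fixed interval; the count
    // depends on thread scheduling, which is what the slide title refers to.
    // Thread.stop(Throwable) is deprecated: it throws UnsupportedOperationException
    // since Java 8 and was removed in Java 11, so this listing targets legacy JVMs.
    class SpinStop extends Throwable {
        SpinStop() {}
    }

    // Sleeps for the interval, then stops the counting thread.
    class SpinSlave extends Thread {
        long millis;
        Thread parent;

        SpinSlave(long millis, Thread parent) {
            this.millis = millis;
            this.parent = parent;
        }

        public void run() {
            try {
                Thread.sleep(millis);
                parent.stop(new SpinStop());
                stop();
            } catch (InterruptedException ex) {
                parent.stop(ex);
            }
        }
    }

    // Increments a counter and yields until SpinSlave stops it.
    class SpinMaster extends Thread {
        long millis;
        long counter;

        SpinMaster(long millis) {
            this.millis = millis;
            this.counter = 0;
        }

        public void run() {
            try {
                Thread t = new SpinSlave(millis, this);
                t.start();
                while (true) {
                    counter++;
                    Thread.yield();
                }
            } catch (SpinStop s) {
            }
        }
    }

    public class Spinner {
        // Returns the number of iterations completed in the given interval.
        public static long spin(long millis) throws InterruptedException {
            SpinMaster t = new SpinMaster(millis);
            t.start();
            t.join();
            return t.counter;
        }
    }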
Entropy of java.util.Random
Is java.security.SecureRandom that much worse than java.util.Random?
Hacking Java bytecode to use SecureRandom

    import org.objectweb.asm.MethodAdapter;
    import org.objectweb.asm.MethodVisitor;

    // ASM 3.x method adapter that redirects calls on java.util.Random to
    // java.security.SecureRandom while a class is being rewritten.
    public class ChangeMethodCallAdapter extends MethodAdapter {
        public ChangeMethodCallAdapter(MethodVisitor mv) {
            super(mv);
        }

        @Override
        public void visitMethodInsn(int opcode, String owner, String name, String desc) {
            System.out.println("ChangeMethodCallAdapter(): opcode=" + opcode + ",owner=" + owner
                    + ",name=" + name + ",desc=" + desc);
            if ("java/util/Random".equals(owner)) {
                // Same method name and descriptor, different owner class.
                mv.visitMethodInsn(opcode, "java/security/SecureRandom", name, desc);
            } else {
                mv.visitMethodInsn(opcode, owner, name, desc);
            }
        }
        // Only method-call owners are rewritten. The NEW instruction goes through
        // visitTypeInsn, which is not overridden here, so the rewritten listing
        // below still shows "new ... java/util/Random"; a complete rewrite has to
        // map the type there as well.
    }

Original class:

    gilt-ml-ayampolskiy:ClassTransformer ayampolskiy$ javap -c API | grep Random
        8: new #5; //class java/util/Random
        12: invokespecial #6; //Method java/util/Random."<init>":()V
        27: invokevirtual #7; //Method java/util/Random.nextInt:(I)I

Rewritten class:

    gilt-ml-ayampolskiy:new ayampolskiy$ javap -c API | grep Random
        8: new #28; //class java/util/Random
        12: invokespecial #31; //Method java/security/SecureRandom."<init>":()V
        27: invokevirtual #35; //Method java/security/SecureRandom.nextInt:(I)I
Google Hacking
Testing Randomness of Client Programs
“We could not arrest or charge this suspect because technically, no offence was being committed as there was no legislation in place to say that the act being committed was criminal. So, we had to let him go,” said Sergeant Jemesa Lave of the Fiji Police Cyber Crime Unit.
Amazon.com experiment
Testing Randomness of Web-Based Programs
WebScarab – Predictable Cookies Entropy is a measure of uncertainty regarding a discrete random variable. For many purposes, the Shannon entropy is the only measure needed. Shannon entropy is defined by Shannon (4.1) has the unit bits. Not amazon.com
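An added example, not part of the original slides: a per-position Shannon entropy estimate of the kind a cookie analysis reports, together with a conditional estimate that exposes sequential identifiers the per-position figure overrates. The function names, the constructed sample tokens and the 64-bit threshold are assumptions of this example.

```python
import math
import secrets
from collections import Counter


def shannon_bits(counts):
    """Shannon entropy, in bits, of the distribution given by raw counts."""
    total = sum(counts)
    return -sum(c / total * math.log2(c / total) for c in counts if c)


def position_entropy(tokens):
    """Entropy of each character position taken on its own."""
    return [shannon_bits(Counter(col).values()) for col in zip(*tokens)]


def conditional_position_entropy(tokens):
    """H(X_t | X_{t-1}) per position: what a character still contributes once
    the previous token (in capture order) is known. Computed as
    H(X_{t-1}, X_t) - H(X_{t-1}); a counter digit scores close to zero."""
    out = []
    for col in zip(*tokens):
        pairs = Counter(zip(col, col[1:]))
        prev = Counter(col[:-1])
        out.append(max(0.0, shannon_bits(pairs.values()) - shannon_bits(prev.values())))
    return out


def assess(tokens, min_bits=64.0):
    """Screen a capture of equal-length tokens, listed in the order issued.

    A low score proves a problem. A high score proves nothing: a generator that
    is statistically uniform but predictable from its seed, such as
    java.util.Random, also scores high. min_bits is an assumed threshold.
    """
    if len(tokens) < 2:
        raise ValueError("need at least two tokens")
    if len({len(t) for t in tokens}) != 1:
        raise ValueError("tokens must all have the same length")
    marginal = position_entropy(tokens)
    conditional = conditional_position_entropy(tokens)
    return {
        "marginal_bits": sum(marginal),
        "conditional_bits": sum(conditional),
        "constant_positions": [i for i, h in enumerate(marginal) if h == 0.0],
        "weak": sum(conditional) < min_bits,
    }


def constructed_counter_tokens(n=1000):
    """Constructed sample: fixed prefix plus a zero-padded counter."""
    return ["SID%05d" % i for i in range(n)]


def constructed_csprng_tokens(n=4000):
    """Constructed sample: 128-bit tokens from the OS CSPRNG, hex encoded."""
    return [secrets.token_hex(16) for _ in range(n)]


if __name__ == "__main__":
    for name, sample in (("counter", constructed_counter_tokens()),
                         ("csprng", constructed_csprng_tokens())):
        r = assess(sample)
        print("%-8s marginal=%6.2f conditional=%6.2f constant=%s weak=%s" % (
            name, r["marginal_bits"], r["conditional_bits"],
            r["constant_positions"], r["weak"]))
```

The counter sample scores about 10 bits per position-wise estimate yet under 1 bit once the previous token is taken into account, which is why a capture should be analysed in the order the tokens were issued.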
WebScarab – amazon.com
Burpsuite - amazon.com
BurpSuite – amazon.com Typical amazon.com session-id  18 0-3029497-6907862
BurpSuite – amazon.com
Conclusion
Questions, Comments?
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 

KĂŒrzlich hochgeladen (20)

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 

Much ado about randomness. What is really a random number?

  • 1. Much Ado About Randomness Aleksandr Yampolskiy, Ph.D.
  • 2. Randomness Random number generation is easy to get wrong.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  ‱ 11. What is (Pseudo)-Random? (cont.) Diagram: a PRG turns a random seed into a pseudorandom string; the pseudorandom string and a random string look indistinguishable to any efficient observer (bit strings shown: 01010111001, 11010011010, 1001). Definition [Blum-Micali-Yao]: PRG is a polytime function whose output is indistinguishable from random by any efficient observer.
  ‱ 12. Attacking Weak PRGs: Find programs with weak PRG; Break-in; Guess the initial seed of a PRG; Guess the state of a PRG.
  • 13.
  • 14.
  • 15.
  • 16.
  • 17.
  • 18.
  • 19.
  ‱ 20. java.security.SecureRandom: SHA1PRNG + Thread Scheduling

```java
// Thrown into the counting thread to end its loop.
class SpinStop extends Throwable {
    SpinStop() {}
}

// Sleeps for `millis`, then stops the parent thread.
// Thread.stop(Throwable) is a legacy API, removed in later JDKs.
class SpinSlave extends Thread {
    long millis;
    Thread parent;

    SpinSlave(long millis, Thread parent) {
        this.millis = millis;
        this.parent = parent;
    }

    public void run() {
        try {
            Thread.sleep(millis);
            parent.stop(new SpinStop());
            stop();
        } catch (InterruptedException ex) {
            parent.stop(ex);
        }
    }
}

// Counts loop iterations until the slave stops it; the final count
// depends on how the scheduler interleaved the two threads.
class SpinMaster extends Thread {
    long millis;
    long counter;

    SpinMaster(long millis) {
        this.millis = millis;
        this.counter = 0;
    }

    public void run() {
        try {
            Thread t = new SpinSlave(millis, this);
            t.start();
            while (true) {
                counter++;
                Thread.yield();
            }
        } catch (SpinStop s) {
        }
    }
}

public class Spinner {
    // Returns the number of iterations completed in `millis` milliseconds.
    public static long spin(long millis) throws InterruptedException {
        SpinMaster t = new SpinMaster(millis);
        t.start();
        t.join();
        return t.counter;
    }
}
```
  • 21.
  • 22.
  • 23.
  • 24.
  • 25.
  ‱ 26. “We could not arrest or charge this suspect because technically, no offence was being committed as there was no legislation in place to say that the act being committed was criminal. So, we had to let him go,” said Sergeant Jemesa Lave of the Fiji Police Cyber Crime Unit.
  • 27.
  • 28.
  ‱ 29. WebScarab – Predictable Cookies. Entropy is a measure of uncertainty regarding a discrete random variable. For many purposes, the Shannon entropy is the only measure needed. Shannon entropy is defined by equation (4.1) and has the unit bits. Not amazon.com
  ‱ 32. BurpSuite – amazon.com. Typical amazon.com session-id: 18 0-3029497-6907862
  • 34.
  • 36.

Editor's notes

  1. http://www.javamex.com/tutorials/random_numbers/lcg_planes.shtml
  2. http://www.flickr.com/whitehouse?phpsessid=6ec6733ca8594df4268ef8708a5438c2.