Black Hat USA 2013 - Black-Box Assessment of Pseudorandom Algorithms

52:47 821 views 100% Published 8 years ago

By: Derek Soeder, Christopher Abad & Gabriel Acevedo

Last year at Black Hat, Argyros and Kiayias devastated all things pseudorandom in open-source PHP applications. This year, we're bringing PRNG attacks to the masses.

We'll point out flaws in many of the most common non-cryptographic pseudorandom number generators (PRNGs) and examine how to identify a PRNG based on a black-box analysis of application output. In many cases, most or all of the PRNG's internal state can be recovered, enabling determination of past output and prediction of future output. We'll present algorithms that run many orders of magnitude faster than a brute-force search, including reversing and seeking the PRNG stream in constant time. Finally, of course, we'll demonstrate everything and give away our tool so that you can perform the attacks during your own assessments.

Watch on YouTube

Black Hat USA 2013

Black Hat USA 2013

From 06/02/2014 to 06/02/2019 in Las Vegas, United States