1. Significance of Random Numbers in Application Security Richard Lewis Tech Mahindra Ltd. richardl@techmahindra.com 91-022-66882000 July 31st 2006

2. Practical Uses of Randomness • Session ID generation • Temporary file name generation • Key generation (cryptography) • First-time password generation • Unique filename/directory name generation • Generation of CAPTCHAs • Random colour generation for schemes, user profiles etc.

3. Need for Good Random Numbers • Prevents application malfunction • Application that relies on creation of several files on disk. • Increases strength of cryptographic operations • The entropy associated with the key increases • Automates otherwise manual tasks • Application can auto-generate first-time passwords instead of having users select one • Increases security of applications • Reduces guessability of session ids and other entities used by the application

4. Random Number Terminology • Entropy • Determines the quality of random numbers. • However, high level of entropy does not guarantee randomness. • Seed • Initialises the random number generation process. • Sequence • Significant if the sequence is pseudo-random i.e. values are recycled after a very long index.

5. Sources of Random Numbers • Random number generation APIs • Avoid “C” rand, rand (Windows), Perl rand, C# Random, PHP rand • Use FIPS-140 compliant random number library • Cryptographic key generation APIs • CryptGenKey for generating random numbers • Hashing data to get further random data • Network and system information APIs • Using output parameters of network functions • Extracting serial numbers from hardware devices and hashing them

6. Sources of Random Numbers (Contd.) • Operating system sources • Eg. dev/random • GUID generators • Keyboard strokes • Measuring time between strokes (GetTickCount) • Characters typed • Mouse movements • Co-ordinates of mouse movements on screen (Mouse and Window functions) • Screen colours • Bitmap values of random portions of the screen (Bitmap functions) • Time • Time functions

7. Random Number Generation Pitfalls • Using weak RNGs for critical operations • Generating cryptographic keys using linear sequential RNG (that wrap-around) • Using hard coded random number sequences • Using sequential numbers and treating them as random numbers (eg. session ids)

8. Random Number Pitfall – Example 1 • Consider a cryptographic system that uses 56 bit keys. • If these 56 bit keys are derived by using a fixed PRNG seeded with an 8 bit seed. • Not the 2^56 keys that may at first appear to be the case.

9. Random Number Pitfall – Example 2 • Application uses Ethernet address for generating random numbers. • What if… • Ethernet cards have been installed on DEC hardware within DEC?

10. Random Number Solution • Scenario: • User passwords are changed once a month • Probability of guessing the password < 1/1000 • Problem Statement: • What should be the length of the password? • Solution • Introduce a “wrong password” delay, say 5 seconds • In 1 minute = 12 attempts, 1 hour = 720 attempts, • In 1 day = 17K, 1 month = 0.5M attempts • Probability required is < 1/1000 • Therefore, attempts = 0.5 M X 1 K = 0.5 G • 0.5 G = 229 approximately. 30 bits of randomness are needed • 229 = 109 approximately • 26? = 109 • ? = Number of characters in password

11. RNG Best Practices • Use good sources of random numbers • Use FIPS 140-compliant RNG libraries, when possible • Use different seeds at different times when using RNGs. Do not use the same or blank seeds.

12. Thank you!