If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
<P>Bugs in PRNGs often go unnoticed for years, as witnessed previously by
the Debian OpenSSL disaster (2006-2008; see presentation at 25C3) or the
Android PRNG vulnerability (2005-2013), which was responsible for a
series of bitcoin thefts. This longevity has good reasons, as currently
almost no effective technical safeguards against the PRNG flaws are in
place. In public forums, questions about quality assurance for PRNGs are
typically met with fatalistic shrugging, links to web comics, or links
to statistical test suites. None of these approaches is effective in
solving the problem.
<P>In the past two years, we carried out research into correctness of
cryptographic PRNGs, studying the effectiveness of various measures, and
developing new ones. We analyzed numerous PRNGs that are currently in
deployment. With this presentation we aim to convey insights into:
<UL>
<LI> the current state of PRNG implementations
<LI> why quality assurance of PRNGs is difficult and
<LI> why hardly any technical safeguards against flaws in PRNGs are currently in place
<LI> the details of the GnuPG flaw that we uncovered
<LI> the hidden technical similarities behind many PRNG flaws (such as the three mentioned above)
<LI> which safeguards are effective and which are not
<LI> how to improve the situation
</UL>