How do we know our PRNGs work properly?

Pseudo-random number generators (PRNGs) are critical pieces of security
infrastructure. Yet, PRNGs are surprisingly difficult to design,
implement, and debug. The PRNG vulnerability that we recently found in
GnuPG/Libgcrypt (CVE-2016-6313) survived 18 years of service and several
expert audits. In this presentation, we not only describe the details of
the flaw but, based on our research, explain why the current state of
PRNG implementation and quality assurance downright provokes incidents.
We also present a PRNG analysis method that we developed and give
specific recommendations to implementors of software producing or
consuming pseudo-random numbers to ensure correctness.

These files contain multiple languages.

This Talk was translated into multiple languages. The files available for download contain all languages as separate audio-tracks. Most desktop video players allow you to choose between them.

Please look for "audio tracks" in your desktop video player.

Subtitles

eng

Help us to improve these subtitles!

Audio

News
RSS, last 100
Podcast feed of the last two years	SD quality
Podcast audio feed of the last year
Podcast archive feed, everything older than two years	SD quality
Podcast feeds for 33c3
srt
webm	SD quality
mp4	SD quality
opus
mp3
vtt

News
RSS, last 100
Podcast feed of the last two years	SD quality
Podcast audio feed of the last year
Podcast archive feed, everything older than two years	SD quality
Podcast feeds for 33c3
srt
webm	SD quality
mp4	SD quality
opus
mp3
vtt

How do we know our PRNGs work properly?