Bad Randomness: Protecting Against Cryptography's Perfect Crime
Learn how bad randomness attacks compromise cryptographic systems, key vulnerabilities in TLS/cryptocurrency, and best practices for protecting against these stealthy but devastating threats.
- Bad randomness attacks are extremely stealthy and difficult to detect since there’s no way to definitively prove if a number is truly random
- Key attack vectors include:
  - Compromised random number generators (PRNGs)
  - Malware that patches/modifies random number generation
  - Certificate authority injection enabling man-in-the-middle attacks
  - Monitoring cryptocurrency transactions for addresses created with weak randomness
- Bad randomness vulnerabilities affect multiple critical systems:
  - TLS/HTTPS encryption
  - Bitcoin/cryptocurrency wallets
  - Authentication systems
  - Digital signatures (ECDSA)
- Recommended protections include:
  - Distributing random number generation across multiple parties (MPC)
  - Deriving randomness deterministically from existing entropy when possible
  - Protecting PRNG implementations from tampering
  - Reducing unnecessary randomness requirements in protocols
- Humans are poor sources of entropy and should not generate random values manually
- Perfect forward secrecy (PFS) alone is insufficient protection if initial randomness is compromised
- The stealthy nature of bad randomness attacks makes them “perfect crimes” - they are both lethal to security and virtually undetectable
- Even a single bit of randomness leakage can compromise an entire cryptographic system
- Bad randomness attackers actively monitor for vulnerable implementations to exploit in real-time
- Protection requires both securing random number generators and architecting systems to be resilient against compromised randomness