Difference between revisions of "PRNG permanent compromise attack"

From OWASP
Jump to: navigation, search
(Description)
 
(4 intermediate revisions by one user not shown)
Line 3: Line 3:
  
 
    
 
    
A type of PRNG State Compromise Extension Attack in which an attacker compromises the state of the PRNG at some arbitrary time t. From t, all future and past states of the PRNG become vulnerable to attack [http://www.schneier.com/paper-prngs.pdf].
+
A type of [[PRNG state compromise extension attack]] in which an attacker compromises the state of the PRNG at some arbitrary time t. From t, all future and past states of the PRNG become vulnerable to attack [http://www.schneier.com/paper-prngs.pdf].
 +
 
 +
 
 +
== Examples ==
 +
 
 +
 
 +
 
 +
In 1999, Reliable Software Technologies was able to crack the card shuffling algorithm used in an online Texas Hold 'Em card game (using software developed by ASF Software Inc.). By identifying the seed value used by ASF's PRNG algorithm, Reliable was able to identify how the cards would be shuffled and, hence, the contents of the deck [http://www.developer.com/tech/article.php/10923_616221_1?o=0]. 
 +
 
  
 
----
 
----
 +
 +
  
 
{{Template:Stub}}
 
{{Template:Stub}}
{{Template:Attack}}
 

Latest revision as of 07:51, 5 November 2007

Description

A type of PRNG state compromise extension attack in which an attacker compromises the state of the PRNG at some arbitrary time t. From t, all future and past states of the PRNG become vulnerable to attack [1].


Examples

In 1999, Reliable Software Technologies was able to crack the card shuffling algorithm used in an online Texas Hold 'Em card game (using software developed by ASF Software Inc.). By identifying the seed value used by ASF's PRNG algorithm, Reliable was able to identify how the cards would be shuffled and, hence, the contents of the deck [2].




This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.