Get a Pentest and security assessment of your IT network.

News

A Few Thoughts on Cryptographic Engineering

An old vulnerability in a pseudorandom number generator called ANSI X9.31 is used in a lot of government certified products. The TL;DR is that this ANSI generator really sucks, and is easy to misuse. When its misused as it has been some very bad things can happen to the cryptography that relies on it. An attacker could learn only a single 16-byte raw output block (Ri) from a working PRG, she could do the following: (1) guess the timestamp T, (2) work backwards (decrypting) in order to recover the corresponding state value V, and now (3) run the generator forwards or backwards (with guesses for T) to obtain every previous and subsequent output of the generator.”]

Source: https://blog.cryptographyengineering.com/2017/10/23/attack-of-the-week-duhk/

Related posts
News

Ashley Madison 2.0 Hackers Leak 20GB Data Dump, Including CEO's Emails

News

Art of Twitter account hacking

News

Botnet authors use Evernote account as C&C Server

News

Canadian agency breached as hackers exploit CVE-2017-5638 flaw in Apache Struts 2