SeaGL Computational Randomness

Transcript

1. Computational Randomness: Controlled Chaos in an Ordered Machine by @amandasopkin

2. Who am I? @amandasopkin

3. Just a randomness fan @amandasopkin

4. Where are we headed? @amandasopkin

5. History of Cryptography @amandasopkin

6. 1900 BC: Cryptographic hieroglyphics @amandasopkin

7. None

8. 100 BC: Julius Caeser @amandasopkin

9. @amandasopkin

10. 1500s: Vignere’s system @amandasopkin

11. None

12. Kerchoff’s Principle: secrecy of key @amandasopkin

13. 1800s: Hebern’s system @amandasopkin

14. 1800s: Hebern’s system

15. Letter frequencies Can be used to break a cipher

16. Letter frequencies

17. Letter frequencies Frequency of each letter in cipher Sorted from

    most common to least

18. Letter frequencies Standard english letter frequencies

19. Letter frequencies Frequencies of letters in cipher

20. Letter frequencies Most frequent letters in cipher are S and

    O

21. Substitute E and T for S and O

22. Spot instances of “tle”

23. Most common letter is now G, which must be a,

    i, or o

24. Spot oFe and theF and then Lheet

25. Spot sODVe and OK

26. Sub l for D, v for V, R for K

27. Spot enoQRh

28. Spot EesMge and Nount

29. Few more steps...

30. Solved!

31. 1800s: Hebern’s system

32. WW1: Engima Machine @amandasopkin

33. None

34. 1973: IBM’s Luther @amandasopkin

35. Note on block cipher encryption @amandasopkin

36. None

37. 2000: Advanced Encryption Standard (Rijndael) @amandasopkin

38. None

39. Crypto Wars @amandasopkin

40. None

41. Key size restrictions @amandasopkin

42. The end of crypto wars @amandasopkin

43. 1991: PGP (Pretty Good Privacy) @amandasopkin

44. None

45. Bread and Butter of cryptography

46. Cipher text: input that has been encrypted Bread and Butter

    of cryptography

47. Why is randomness important? @amandasopkin

48. We use session keys to encrypt cipher keys @amandasopkin

49. @amandasopkin

50. Randomness Makes processes secure Mathematically/computationally, naturally, philosophically important Difficult to

    actually achieve @amandasopkin

51. Why do we need randomness today? @amandasopkin

52. 4oio342ip4o24p32o

53. 4fdslf95454

54. None
55. None

56. Problems with randomness The seed, or starting point The algorithm

    @amandasopkin
57. None

58. 1. Determined that user ids were seeded with restart time

    2. Crashed the Hacker News site 3. Predicted restart time 4. Predicted assigned user ids as users logged in 5. Impersonated discovered users @amandasopkin

59. DUAL_EC_DRBG Controversy • 2004: Dual EC PRNG introduced

60. • 08/2007: Shumow and Ferguson present Dual_EC_DRBG flaw at cryptography

    conference DUAL_EC_DRBG Controversy

61. • 11/2007: Schneier bases article in Wired on their findings

    DUAL_EC_DRBG Controversy

62. “...would allow NSA to determine the state of the random

    number generator, and thereby eventually be able to read all data sent over the SSL connection.” DUAL_EC_DRBG Controversy
63. None

64. • 09/2013: One of the purposes of Bullrun is described

    as being "to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world." DUAL_EC_DRBG Controversy

65. • NIST recommends removal of the algorithm as a standard

    DUAL_EC_DRBG Controversy

66. • 2004: Dual EC PRNG introduced • 08/2007: Shumow and

    Ferguson present Dual_EC_DRBG flaw at cryptography conference • 11/2007: Schneier bases article in Wired on their findings DUAL_EC_DRBG Controversy

67. • 09/2013: One of the purposes of Bullrun is described

    as being "to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world." • 12/2013: Presidential advisory examines encryption standards • 2014: Standard is removed DUAL_EC_DRBG Controversy

68. Years until standard removed... 10!

69. Who did this impact? Microsoft, Google, Apple, McAfee, Docker, IBM,

    Oracle, Cisco, VMWare, Juniper, HP, Red Hat, Samsung, Toshiba, DELL, Ruckus, F5 Networks, Lenovo, Nokia, the RSA BSAFE libraries for Java and C++ and more....

70. Ok, so you want to create randomness... @amandasopkin

71. An ideal pseudo random number generator should...

72. 1. Pass statistical tests of randomness An ideal pseudo random

    number generator should... Monobit Distance Poker or Craps Birthday

73. 1. Pass statistical tests of randomness 2. Take a long

    time before repeating An ideal pseudo random number generator should... Have a long “period”

74. 1. Pass statistical tests of randomness 2. Take a long

    time before repeating 3. Execute efficiently An ideal pseudo random number generator should... & Quick Low storage

75. 1. Pass statistical tests of randomness 2. Take a long

    time before repeating 3. Execute efficiently 4. Be repeatable An ideal pseudo random number generator should...

76. 1. Pass statistical tests of randomness 2. Take a long

    time before repeating 3. Execute efficiently 4. Be repeatable 5. Be portable An ideal pseudo random number generator should... Can be run on any machine or system

77. What are the common ways of generating “randomness”? @amandasopkin

78. Linear congruential generators Linear congruential generators take the form xk

    = (axk−1 + c) (mod M) where x0 is the seed, the integer M is the largest representable integer, and the period is at most M.

79. Linear combination generators a = 3 c = 9 m

    = 16 x0 = 4394 def lcg(): xi = x0 for i in range(10): xi = (a*xi + c)%m print(xi)

80. Linear combination generators Algorithm: xi = (a*xi + c)%m 7

    14 3 2 15 6 11 10 7

81. Towards a better pseudorandom generator @amandasopkin

82. Any one who considers arithmetical methods of producing random digits

    is, of course, in a state of sin.

83. Mid square method generally Start with a 4 digit seed

    Square this value If the result has fewer than 8 digits, add leading 0s Take the middle 4 digits of the result Repeat the sequence

84. Mid square method generally Start with a 4 digit seed

    9834

85. Mid square method generally Start with a 4 digit seed

    Square this value 96707556 9834

86. Mid square method generally Start with a 4 digit seed

    Square this value If the result has fewer than 8 digits, add leading 0s 96707556 9834 96707556

87. Mid square method generally Start with a 4 digit seed

    Square this value If the result has fewer than 8 digits, add leading 0s Take the middle 4 digits of the result Start with a 4 digit seed Square this value If the result has fewer than 8 digits, add leading 0s 9834 96707556 96707556 7075

88. Mid square method generally Start with a 4 digit seed

    Square this value If the result has fewer than 8 digits, add leading 0s Take the middle 4 digits of the result Repeat the sequence Start with a 4 digit seed Square this value If the result has fewer than 8 digits, add leading 0s 9834 96707556 96707556 7075 50055625

89. Mid square method seed_number = int(input("Please enter a four digit

    number:\n[####] ")) number = seed_number already_seen = set() counter = 0 while number not in already_seen: counter += 1 already_seen.add(number) number = int(str(number * number).zfill(8)[2:6]) print(f"#{counter}: {number}") print(f"We began with the seed {seed_number}, and" f" we repeated ourselves after {counter} steps" f" with {number}.")

90. Mid square method Please enter a four digit number: [####]

    5859 #1: 3278 #2: 7452 #3: 5323 #4: 3343 #5: 1756 #6: 835 #7: 6972 #8: 6087 #9: 515 #10: 2652 ....... #59: 24 #60: 5 #61: 0 #62: 0 We began with the seed 5859, and we repeated ourselves after 62 steps with 0.

91. Issues with mid square method Relatively slow Statistically unsatisfactory Sample

    of random numbers may be too short

92. Predicting the mid square method Advanced LCG Mid square method

93. Let’s talk cryptography @amandasopkin

94. Most used pseudo random number generator Very long period (the

    Mersenne prime: 219937 − 1) Not cryptographically secure The Mersenne Twister

95. Predicting the random() module from random import random import matplotlib.pyplot

    as plt def uni(n, m, a, c, seed): sequence = [] Xn = seed for i in range(n): Xn = ((a*Xn + c) % m) sequence.append(Xn/float(m-1)) return(sequence) x = range(1000) y_1 = uni(1000, 2**32, 11695477, 1, datetime.now().microsecond) y_2 = [random() for i in range(1000)] plt.plot(x, y_1, "o", color="blue") plt.show() plt.plot(x, y_2, "o", color="red") plt.show()

96. Predicting the random() module Advanced LCG Built in Random PRNG

97. Whats wrong with the random module? @amandasopkin

98. None

99. Problems with the random module...

100. Problems with the random module...

101. Problems with the random module... ...

102. Introducing...the secrets module! @amandasopkin

103. The Secrets module Is cryptographically secure Includes ready made “batteries”

     for Users that don’t want to build their own Uses 32 bytes of entropy by default

104. A note on entropy... @amandasopkin

105. @amandasopkin Natural sources of entropy

106. Source code of Secrets module from random import SystemRandom _sysrand

     = SystemRandom() randbits = _sysrand.getrandbits choice = _sysrand.choice def randbelow(exclusive_upper_bound): return _sysrand._randbelow(exclusive_upper_bound) DEFAULT_ENTROPY = 32 # number of bytes to return by default def token_bytes(nbytes=None): if nbytes is None: nbytes = DEFAULT_ENTROPY return os.urandom(nbytes) def token_hex(nbytes=None): return binascii.hexlify(token_bytes(nbytes)).decode('ascii') def token_urlsafe(nbytes=None): tok = token_bytes(nbytes) return base64.urlsafe_b64encode(tok).rstrip(b'=').decode('ascii')

107. SystemRandom Uses OS as a source of randomness Not available

     on all systems Does not rely on software states Sequences are not repeatable

108. /dev/random Will block without sufficient entropy Relies on “the kernel

     entropy pool” Slower than /dev/urandom

109. /dev/urandom Will not block without sufficient entropy Relies on “the

     kernel entropy pool” Faster than /dev/random Theoretically vulnerable to attack

110. Using the secrets module to get tokens import secrets token1

     = secrets.token_hex(16) token2 = secrets.token_hex(10) print(token1) print(token2) d2bdc979d5ecec0dccf67854459c5284 584d93ac921d3c74be9c

111. Using the secrets module for password generation import secrets import

     string alphabet = string.ascii_letters + string.digits password = ''.join(secrets.choice(alphabet) for i in range(10)) print(password) i3OFMKPr8q

112. The secrets module: not the end all be all. @amandasopkin

113. Popular algorithms • AES • RCA • ECC

114. Popular algorithms • AES: made of three block ciphers: AES-128,

     AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128-, 192- and 256-bits

115. Popular algorithms: AES

116. Popular algorithms • RSA: involves a public key and private

     key. The public key can be known to everyone; it is used to encrypt messages. Messages encrypted using the public key can only be decrypted with the private key.

117. Popular algorithms: RSA

118. Popular algorithms • ECC: based on the algebraic structure of

     elliptic curves over finite fields.

119. Popular algorithms: ECC

120. Python’s “nuclear reactor” of Randomness "...folks really are better off

     learning to use things like cryptography.io for security sensitive software, so this change is just about harm mitigation given that it's inevitable that a non-trivial proportion of the millions of current and future Python developers won't do that."

121. Installation of Cryptography.io $ pip install cryptography

122. Cryptography.io

123. Let’s wrap up... @amandasopkin

124. Is very important for security Difficult to truly achieve Can

     be simulated Randomness... @amandasopkin

125. Something to say? Amanda Sopkin @amandasopkin

126. Thank you! @amandasopkin

127. Sources: • Icons taken from flaticon.com • https://crypto.stackexchange.com/questions/51232/using- 32-hexadecimal-digits-vs-ascii-equivalent-16-character- password

     • https://dev.to/walker/pseudo-random-numbers-in-python-f rom-arithmetic-to-probability-distributions • Wired Magazine • The Washington Post • NYT • Dilbert