Randomness

Given the Snowden revelations, we know only the vaguest of details about how (and perhaps even the if) of how the intelligence services penetrate off-the-shelf encryption devices. A backdoor might not be as blatant as having knowledge of a password backed into an encrypting device, nor as sophisticated as having identified a fundamental vulnerability say in SSL, and keeping it a secret.

A prime candidate, however, is to subtly create some bias in the “random” number generators critical to most modern encryption processes. True randomness is quite difficult (surprisingly) to generate on the fly. Adding the slightest of bias to random generation can certainly compromise encryption, yet for those unaware of the bias nothing would appear to be amiss.

Comments are closed