How do we know our PRNGs work properly?
Vladimir Klebanov, Felix Dörre
Bugs in PRNGs often go unnoticed for years, as witnessed previously by the Debian OpenSSL disaster (2006-2008; see presentation at 25C3) or the Android PRNG vulnerability (2005-2013), which was responsible for a series of bitcoin thefts. This longevity has good reasons, as currently almost no effective technical safeguards against the PRNG flaws are in place. In public forums, questions about quality assurance for PRNGs are typically met with fatalistic shrugging, links to web comics, or links to statistical test suites. None of these approaches is effective in solving the problem. In the past two years, we carried out research into correctness of cryptographic PRNGs, studying the effectiveness of various measures, and developing new ones. We analyzed numerous PRNGs that are currently in deployment. With this presentation we aim to convey insights into: the current state of PRNG implementations why quality assurance of PRNGs is difficult and why hardly any technical safeguards against flaws in PRNGs are currently in place the details of the GnuPG flaw that we uncovered the hidden technical similarities behind many PRNG flaws (such as the three mentioned above) which safeguards are effective and which are not how to improve the situation