Do you know what a pseudorandom number generator is? Have you ever thought about how to generate pseudorandom numbers? The randomness It is a concept that is commonly used in various fields of science. In the case of computing, for example, we do not find the exception. In this post, we will talk about a tool that is related to the concept of randomness and how it can be applied to the field of cryptography. Next, we will explain what it is, how it works and what it can be used for. pseudorandom number generator (PRNG).
What is a pseudorandom number generator?
Pseudorandom number generators (PRNG) are deterministic algorithms (that is, with a single input the same is always generated output) What are they capable of generating patterns from a seed (either seeds, in English). You can use the output from a prng stream like keystream (Ks) in an algorithm stream. However, this requires that the PRNG be cryptographically secure and never use the same seed more than once.
Pseudorandom number generators are used, for example, in studies of data science. When you need to test a random data set and then be able to replicate those results, a PRNG is used and can thus be obtained using a simple seed of information. Sometimes the seed is the time code automatically generated by the computer, but below we will see that there are safe and unsafe PRNGs that can be used in cryptography.
Marsenne Twister PRNG (MT19937)
The MT19931 is the pseudorandom number generator used by programming languages such as Python and C++ default. It is one of the most popular PRNG algorithms, but is not considered cryptographically secure. Its characteristics are the following:
Use an internal state 624 integers 32 bit, which are initially generated from the seed. Every 624 outputs, a permutation is performed on the internal state. Its period is 219937, a number that was calculated especially for the operation of the algorithm. For each outputa integrate 32 bit and submits it to a functionwhat is reversible. Dice 624 outputs of MT19937, the internal state can be replicated and, therefore, you can predict what the future is outputs through a brute force attack.
How do you choose safe seeds for a PRNG?
Even if the pseudorandom number generator is developed securely for cryptography, the seed must be generated secretly and confidentially, so that the algorithm cannot be broken. To do this, the following recommendations must be followed when choosing the seed for a PRNG:
Seeds should NOT be generated from time codes automatically generated by the computer. The timestamps They are not a reliable source of randomness.since, if the time in which the seed was created is known, then it is easy to find it through a brute force attack.
You should never reuse a seed if you want to use it to generate a keystream for cryptography.
You should always use a real and safe source of randomnessusing methods like the ones we will explain below.
Real randomness
To obtain a real and safe source of randomness, one must achieve without using a deterministic algorithm. To do this, methods based on:
sources of entropy, such as the movement of the mouse, the behavior of certain driversetc.
Device information hardware. That is, the use of physical variables such as the noise generated by a microphone, the digital noise of a photograph, small changes in temperature, etc.
What are PRNGs used for?
In cryptography, PRNGs can be used for generating keystreams insurance. Some cryptographic models, such as stream, require these infinite keys, which are generated from pseudorandom numbers. For cryptography streamFor example, it requires that a keystream has the following characteristics:
It should look random at first glance.but not be and be generated by a small key.
The key must not be found from the cryptanalysis of keystream.
You must generate a keystream new every time to be used in an algorithm.
Therefore, the use of a pseudorandom number generator is recommended. cryptographically secure for the generation of these keystreams or key streams.
How to learn more?
Now you know what a pseudorandom number generator is and how it is used in cryptography. However, the world of cybersecurity is much broader, and if you want to become an expert in the field, you still need to continue learning about the subject. The time has come to take a step forward and take charge of your training; Therefore, you cannot miss our Full Stack Cybersecurity Bootcamp, where you will specialize in less than 7 months. Sign up now!