
Some RNGs use the time of day in milliseconds as a seed; I guess those are easy to brute force. I guess it's all about the size of the seed and its randomness!?

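An added illustration of the point above (not from the thread): a generator seeded with milliseconds-of-day has at most 86.4 million possible states, so an auditor who knows roughly when a value was produced can confirm time-seeding by replaying candidate seeds. The model PRNG, the 1-minute search window and the 32-bit outputs are my assumptions; `secrets` shows the alternative a key generator should use.

```python
import math
import random
import secrets

MS_PER_DAY = 24 * 60 * 60 * 1000  # 86,400,000 distinct time-of-day seeds


def weak_seeded_output(seed_ms: int, count: int = 4) -> list[int]:
    """Model of the flawed design (assumed): Mersenne Twister seeded with ms-of-day."""
    rng = random.Random(seed_ms)
    return [rng.getrandbits(32) for _ in range(count)]


def time_seed_bits() -> float:
    """Effective entropy of a ms-of-day seed: log2(86.4M), about 26.4 bits."""
    return math.log2(MS_PER_DAY)


def find_time_seed(observed: list[int], window_start_ms: int, window_len_ms: int):
    """Audit check: replay every ms-of-day seed in the window; if one reproduces the
    observed outputs, the generator is time-seeded and that seed is returned."""
    for seed in range(window_start_ms, window_start_ms + window_len_ms):
        rng = random.Random(seed)
        if all(rng.getrandbits(32) == value for value in observed):
            return seed
    return None


def strong_seed() -> int:
    """What key-generation code should do instead: 256 bits from the OS CSPRNG."""
    return secrets.randbits(256)


if __name__ == "__main__":
    # Constructed scenario: a value generated at 13:37:12.345, window = that minute.
    seed = (13 * 3600 + 37 * 60) * 1000 + 12_345
    outputs = weak_seeded_output(seed)
    print(f"time-of-day seed carries only {time_seed_bits():.1f} bits")
    print("recovered seed:", find_time_seed(outputs, (13 * 3600 + 37 * 60) * 1000, 60_000))
    print("CSPRNG seed bit length:", strong_seed().bit_length())
```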

This is probably the most famous issue about that phenomenon:

https://people.eecs.berkeley.edu/~daw/papers/ddj-netscape.ht...

You could say that our understanding of PRNGs has improved a bit since then.

A recent thread about brute-forcing PRNG states in a game:

https://news.ycombinator.com/item?id=18880528


I would have thought https://github.com/g0tmi1k/debian-ssh would be the most famous issue in many people's memories of poor (read: absent) PRNG use. ;)


One would hope no RSA key generation software is so stupid as to use that kind of RNG. OTOH, apparently 0.2% of RSA keys were generated by something effectively that dumb.



