Pseudorandom Values: Its Role and Importance in Security Protocols.
Everything on our computers is the result of the program we are running, so when a program needs random values, how does the computer generate them?
Well, it is based on the time: the current time is used as a seed to generate the values. That is not random; the value merely changes each time we ask for a new one.
The problem is that if the generator is a function of the time, f(time), and the attacker knows that function and the time at which the values were generated, he or she can reproduce exactly the value you got. That is the reason pseudorandom values were created.
Let us agree that when we say random, we mean unpredictable values obtained by physical means, and when we say pseudorandom, we mean values generated by the computer.
So when I choose random values, I am looking for enough randomness that we are sure the values are unpredictable.
Random numbers play an important role in the use of encryption for various network security applications. Several network security algorithms based on cryptography make use of random numbers, for example:
- Generation of keys for the RSA public-key encryption algorithm.
- Generation of a stream key for a symmetric stream cipher.
- Generation of a symmetric key for use as a temporary session key.
- In several key distribution scenarios, such as Kerberos, random numbers are used for handshaking to prevent replay attacks.
As we know, in a cryptographic system we choose an initial factor or random value. These values are not truly random; they are pseudorandom, yet they must not be guessable or reproducible by an attacker. The applications above give rise to two distinct and not necessarily compatible requirements for a sequence of random numbers: randomness and unpredictability.
With pseudorandom generators, security increases as the length of the seed increases; as computers get faster, the seed size must increase accordingly.
Cryptographic Nonce
In cryptography, a nonce is an arbitrary number that can be used just once in a cryptographic communication. It is issued by an authentication protocol to ensure that a previous connection cannot be reused in a replay attack. These special numbers differ each time they are submitted in a challenge-response authentication, so each user request carries a unique number. To ensure the number is used only once, it must change over time: it may contain a timestamp (TS) as part of its value, or it is computed in a certain way so that the result is a fixed number of bits.
Let's say we build a system that opens the gate of our house for us, and we encrypt the connection so that an attacker cannot read the content of the message, which is the user's credential, encrypted with a key that only the user and the gate know. It sounds secure, right?
Guess what: the gate will open for the attacker too! How is that?
The attacker can intercept the connection between them, take a copy of the message and send it to the gate. He does not need to decrypt it or know its content, so this message is vulnerable to a replay attack. How do we fix it? By using a nonce,
or by using a timestamp, which is a type of nonce. Every time the message is sent containing the timestamp, the ciphertext will look different. So now, after using the nonce, if we encrypt the message 1000 times we get many different and unique ciphertexts, and even if the attacker picks one up and sends it to the gate, the gate will reject the request because it has seen this number before.
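As an added example (not code from the original post), here is the gate exchange described above in Python. An HMAC tag over the credential and nonce stands in for the post's encryption, since the standard library has no authenticated cipher, and the shared key, the credential "alice" and the 16-byte nonce are constructed placeholders.

```python
import hashlib
import hmac
import secrets

# Constructed shared key known only to the user's device and the gate (placeholder).
SHARED_KEY = b"constructed-shared-key-for-demo"


def make_request(credential: bytes, nonce: bytes) -> dict:
    """Build a request carrying the credential, a fresh nonce and a MAC over both."""
    tag = hmac.new(SHARED_KEY, nonce + credential, hashlib.sha256).digest()
    return {"credential": credential, "nonce": nonce, "tag": tag}


class Gate:
    """The gate: verifies the MAC, checks the credential and, optionally, the nonce."""

    def __init__(self, authorized: set, check_nonce: bool):
        self.authorized = authorized
        self.check_nonce = check_nonce
        self.seen_nonces = set()

    def handle(self, req: dict) -> bool:
        # A forged or tampered message fails the MAC check.
        expected = hmac.new(SHARED_KEY, req["nonce"] + req["credential"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, req["tag"]):
            return False
        if req["credential"] not in self.authorized:
            return False
        # Replay defence: a nonce the gate has already seen is rejected.
        if self.check_nonce:
            if req["nonce"] in self.seen_nonces:
                return False
            self.seen_nonces.add(req["nonce"])
        return True


def replay_demo(check_nonce: bool) -> tuple:
    """Send one legitimate request, then resend an exact copy as an attacker would."""
    gate = Gate({b"alice"}, check_nonce)
    req = make_request(b"alice", secrets.token_bytes(16))
    first = gate.handle(req)          # the legitimate user's request
    captured = dict(req)              # the attacker copied the bytes on the wire
    replayed = gate.handle(captured)  # and sent them again, unchanged and undecrypted
    return first, replayed


if __name__ == "__main__":
    print("without nonce tracking:", replay_demo(False))  # (True, True): replay opens the gate
    print("with nonce tracking:   ", replay_demo(True))   # (True, False): replay rejected
```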