Not Playing Randomly: The Sony PS3 and Bitcoin Crypto Hacks

Watch those random-number generators

What is the most costly hack to fix? Ransomware? Malware? Nope! Many experts think it is a failure of the trust infrastructure, and where the private keys of an organisation are leaked. This can then compromise all the things that are signed by those keys, including documents and executables.

Imagine the case where Microsoft’s private keys were hacked, and where we could then not trust any piece of software (or hardware) that was signed by those keys. Intruders could create their own software (or hardware) and then sign it with a valid key. There would have to be large-scale revocation of software and hardware, and virtually everything which was associated with Microsoft’s private keys would have to be reinstalled.

An intruder could thus recreate software which is properly signed by the trusted private key. Often these private keys are stolen by an insider in the company, but there are cases where sloppy coding has opened up the keys to the world. This happened in the case of ECDSA, and where developers did not check the random numbers they were generating.

Sony PS3 hack

In 2010, the hacker group fail0Overflow demonstrated that they could break the security methods of the…