Fortuna

--

The usage of Pseudo Random Number Generators (PRNG) is fundamental in cybersecurity and is used to create keys and salt values for encryption. Any weakness in the generation of random numbers can lead to an adversory creating a gain in cracking systems. For example, with a 128-bit encryption strength, a single-bit leak reduces the cipher security to a point which could possibly be cracked within a reasonable amount of time.

Bruce Schneier is possibly the most recognised person in cybersecurity. and, in 2003, he, along with Neil Ferguson, published an implementation of the Fortuna construction [1]:

Overall, it takes a seed value and a block cipher (such as AES and Twofish), and then creates an indefinite quantity of random values. It can use random data from multiple sources, and uses this when new randomness is provided. With the block cipher, we use a counter mode and increment the counter for successive values. If we use a 128-bit block size (such as with AES), there will be no blocks repeated for 2¹²⁸ blocks. Forward security is supported by rekeying the block cipher, and backward security involves the reseeding of random sources. The method uses 32 pools to collect sources of randomness (also known as entropy), and which is used to…

--

--

ASecuritySite: When Bob Met Alice
ASecuritySite: When Bob Met Alice

Published in ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Prof Bill Buchanan OBE FRSE
Prof Bill Buchanan OBE FRSE

Written by Prof Bill Buchanan OBE FRSE

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.