undefined | Better HN

0 pointsMiceWithYaffle8y ago0 comments

> But I'll confess to not really understanding what all the fuss is about insecure generators.

Based on things she's said on her site and in comments on John D. Cook's blog, it's all about algorithmic complexity attacks on randomized algorithms.

In other words, if you're doing quicksort on external input with a random pivot, and someone knows the PRNG state, they can make a pathological input that'll trigger quadratic behavior.

I don't know how likely this is to happen, but I know there were similar attacks on hash tables a few years ago.

0 comments

tptacek8y ago

And we addressed it with actual cryptography: SipHash. Since cryptographic random number generators are generated with very similar primitives, why wouldn't SipHash be the answer to those problems as well?

j / k navigate · click thread line to collapse

0 pointsMiceWithYaffle8y ago0 comments

> But I'll confess to not really understanding what all the fuss is about insecure generators.

Based on things she's said on her site and in comments on John D. Cook's blog, it's all about algorithmic complexity attacks on randomized algorithms.

In other words, if you're doing quicksort on external input with a random pivot, and someone knows the PRNG state, they can make a pathological input that'll trigger quadratic behavior.

I don't know how likely this is to happen, but I know there were similar attacks on hash tables a few years ago.

0 comments

tptacek8y ago

j / k navigate · click thread line to collapse