Questions tagged [random]
The generation of random or pseudorandom data, and the use of randomness in security protocols
390
questions
15
votes
4
answers
6k
views
Security of a non-random password but that relies on information an attacker cannot possibly know
I am trying to figure out whether a non-random password that relies on information an attacker cannot possibly know can be secure.
To give an example, let’s say that I generate my password by putting ...
- 569
0
votes
0
answers
47
views
What is a secure way to create a random number in Typescript? [duplicate]
I want to create a function that returns a random number in a given range, what is a secure way of doing that?
- 33
-1
votes
1
answer
112
views
Is encoding random with module insecure? [closed]
The ID library Nano ID claims that modulo based encoding (e.g. Base64) would lead to uneven distribution in the output:
Uniformity. random % alphabet is a popular mistake to make when coding an ID ...
- 99
0
votes
2
answers
1k
views
Can UUID v7 be treated as a unguessable, opaque identifier?
RFC4122bis specifies UUID v7, a version which contains 74 bits of randomness.
Assuming I use a CSPRNG to generate the random bits: Are these UUIDs considered to be unguessable and are enough to ...
- 105
0
votes
0
answers
27
views
Any idea on how this 36 character long string generated? [duplicate]
I have a personal id "U1KFhYtMqZhCYya6sy31PVLM8DlM5HLCkwy3", I have checked some hash functions but cannot make sure how this generated? Is this just random string generated with [a-zA-z0-9]?...
- 101
1
vote
1
answer
199
views
Which algorithm does CryptGenRandom use on my laptop?
I have an Ideapad Gaming laptop by Lenovo, with an Intel(R) Core(TM) i5-10300H processor. On this laptop I have Windows 10 installed. To generate random numbers, I use the CryptGenRandom function. ...
- 113
0
votes
1
answer
159
views
SecureRandom safety?
I need to randomly pick 10 numbers from 1 to 2000. It is very important that this rng cannot be predicted/hacked in any way. Would this be a safe/proper way to do it:
int randomInt;
SecureRandom ...
0
votes
2
answers
273
views
Is using weak random numbers for the initialization vector of AES just a theoretical issue?
I'm the maintainer of pypdf, a Python library for reading/manipulating PDF documents. I recently discovered that pypdf used random instead of secrets for ...
Generating the initialization vector (IV) ...
- 3,932
0
votes
1
answer
105
views
Randomness of seeded cryptographically secure random number generator
If I generate a large true random number and I seed a CSPRNG with it, then can the output of this CSPRNG be used anywhere where there is a need for a true random number?
For example, if Alice and Bob ...
- 329
5
votes
5
answers
5k
views
Randomly generated secrets: encoding the random bytes in base64 vs keeping them
Today this came to my attention.
When generating random secrets for e.g. JWT (in node.js the most common way is using the crypto.randomBytes() method), I have noticed a lot of people save these tokens ...
- 169
1
vote
2
answers
139
views
exploiting the scenario and how to generate a secure reset password token
I am using the following line of code to create a reset password code sent to the user in her/his email. when scanned with brakeman to my ruby code, this line of code is catched and describes it as it ...
- 131
1
vote
3
answers
1k
views
Is it possible to retrieve seed from a few random numbers?
Let's say I have generated 16 integers (between 0 and 128) using Python
from random import seed, randint
seed(1234)
randoms = [randint(0, 128) for _ in range(0, 16)]
If we have a rough knowledge of ...
- 13
0
votes
1
answer
149
views
Pre-generate random numbers or generate it on the spot
We are developing a lottery platform, and we are discussing what the best way to implement it would be.
As we have it right now, the system pre-generates, using a TRNG device, all the winning numbers ...
- 103
1
vote
2
answers
131
views
Is there any encryption method that uses TRNGs?
Can we create a true random generator whose entropy source is the loss of electrical signals that a binary architecture cannot detect?
If we have a system that let's say could do this, could we be ...
- 11
1
vote
2
answers
217
views
Random identifier vs identifier plus HMAC
Suppose I have a resource that I want to be accessible only using a specific link. I could generate a link using a 256 bit random identifier, e.g. https://example.com/aMXtSQufIxntoMSnTQGdgMfs84VzM-...
- 113