Generating random numbers is a quite common task in security software.
Many developers know how to generate random
numbers (e.g. for Monte Carlo simulation)
from their prior experiences, so they use the similar methods
to generate the random numbers for security purpose. Unfortunately,
a sequence of random numbers may be good for Monte Carlo simulation, but
they may be bad for encryption keys. Developers need to know how to
generate secure random numbers, or they will make mistakes. Similar
mistakes have been made in some well-known products, including
Netscape and Kerberos.
In this lab, students will learn why the typical random number generation method is not appropriate for generating secrets, such as encryption keys. They will further learn a standard way to generate pseudo random numbers that are good for security purposes.
| Please give us your feedback on this lab using this feedback form. | |
| The SEED Labs project is open source. If you are interested in contributing to this project, please check out our Github page: https://github.com/seed-labs/seed-labs. |