Randomness is vital to cryptographic security. Pseudorandom number generation algorithms have been the topic of decades of academic study, and a variety of cryptographic pseudorandom number generation algorithms have been formally standardized over the years. However, in spite of these formal foundations and standards, cryptographic disasters stemming from flawed random number generator implementations happen with distressing frequency. We will tour several recent incidents of flawed and backdoored random number generators, trace these flaws to gaps in understanding between researchers, standards bodies, and implementers, and discuss implications for security and policy moving forward.
Bio: Nadia Heninger is an assistant professor in the Computer and Information Science department at the University of Pennsylvania. Her research focuses on applied cryptography and security, particularly cryptanalysis of public-key cryptography in practice. She is the recipient of a 2017 NSF CAREER award, and her research has won best paper awards at CCS 2016, CCS 2015, Usenix Security 2012, and a best student paper award at Usenix Security 2008.
Heninger received her Ph.D. in computer science in 2011 from Princeton and a B.S. in electrical engineering and computer science in 2004 from UC Berkeley. Previously, she was an NSF Mathematical Sciences Postdoctoral Fellow at UC San Diego and a visiting researcher at Microsoft Research New England.