Not So Random - Exploiting Unsafe Random Number Generator Use

Presented at Kiwicon 2016 by

PRNG? CSPRNG? Do these acronyms mean anything to you? What's the difference? Why does it matter? After all, your app's password reset tokens are definitely generated with a CSPRNG, right? This talk covers the exploitation of unsafe random number generation across a number of languages. Just how practical is it? In this talk we'll discuss a bit of background, what insecure random number generation looks like, and some practical examples of real-world exploitation. We'll then look at options that are available to developers to avoid these issues in their own applications.