First laboratory for the Computer Network Security (CNS) course at Tor Vergata during scholar year 2022-2023.
In the laboratory we introduced the idea behind Pseudo-Random-Number-Generators (PRNGs) and we have analyzed two specific types of PRNGs, the The Middle Square Method and the Linear Congruential Generator, abbreviated as LCG. We have defined the main equations of an LCG, and we have seen how to discover all the parameters of a given LCG starting from a sequence of outputs.
\[\begin{cases} x_0 &= \text{seed} \\ x_n &= (x_{n-1} \cdot a + b) \mod c \\ \end{cases}\]
In terms of practical application, we have seen that the C standard library ( glibc) implements various types of PRNGs, and among these (at least up until glibc version 2.36) we also find a version of LCG. Finally, we have implemented the attack described within the python script (code/example_6_attack_lcg.py) present in the code resources.
Links to the material of the lecture:
Resources and references used to make the lecture:
- Chance versus Randomness (Standford Encyclopedia)
- glibc rand function implementation (StackOverflow)
- How Brittle Are LCG-Cracking Techniques? (StackExchange)
- Cracking a linear congruential generator (StackExchange)
- George Marsaglia – RANDOM NUMBERS FALL MAINLY IN THE PLANES
For any doubts feel free to contact me.
Thank you.