Introduction

CSC 482/582: Computer SecurityApplying CryptographyCSC 482/582: Computer SecurityCSC 482/582: Computer SecurityTopicsKey GenerationRandomness and Information TheoryPRNGsEntropy GatheringKey StorageCryptographic APIs2CSC 482/582: Computer SecurityKey GenerationGoal: generate difficult to guess keysGiven set of K potential keys, choose one randomly.Equivalent to selecting a random number between 0 and K1 inclusive.Difficulty: generating random numbersComputer generated numbers are pseudo-random, that is, generated by an algorithm.Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin. John vonNeumannCSC 482/582: Computer SecurityHow can be measure randomness?For a fair coin flip, our uncertainty is 2 results. It could be either heads or tails.The uncertainty of 2 flips would be 2*2 = 4.

Logarithmic measure of uncertainty.We feel uncertainties should add, not multiply.Measures uncertainties in bits, instead of raw #s.Uncertainty is log2(M), where M is # results.U = log2 MCSC 482/582: Computer SecurityInformationThe amount of information in a message is the minimal number of bits needed to encode all possible meanings.

Example: day of the week (7 possibilities)Encode in 3 bits000 Sunday to 110 Saturday, with 111 unusedASCII strings Sunday through Saturday use more bits, but dont encode more information.CSC 482/582: Computer SecurityInformationThe amount of information in a message is the minimal number of bits needed to encode all possible meanings.

Example: day of the weekEncode in