Issues with PRNGs and Advantages of TRNGs

• Random number generators (RNG) can either be software or hardware-based. 
• Using software solutions to generate random numbers is not optimal because the former cannot create true randomness. 
• They are therefore called pseudo-random number generators (PRNGs) whereas hardware-based RNGs are referred to as true random number generators (TRNGs).
• Hardware solutions can generally provide a higher level of randomness than software RNGs, depending on the solution used.
• Software RNGs have to rely on seed numbers and algorithms to generate numbers, whereas hardware RNGs use a physical process to do so.
• The best hardware RNGs rely on quantum physical processes, which provide the highest level of randomness.
• The reason why software RNGs are not optimal in producing random numbers is due to the nature of computers which are by essence deterministic systems, and therefore always produce the same output given a certain input.
• This means that it will not be possible to use this process to generate totally random numbers.
• These may pass some statistical randomness tests but will eventually fail others if the sequence is long, as a result of periodicity. 
• The issue when using PRNGs lies with the choice of the seed value, which should be random, but that cannot be the case with this type of RNG. Therefore, a solution around this issue is to use entropy gathering, which does not always provide the best results.
• It means that system information data such as the time, clock, interval between keystrokes, and other information is combined to produce a seed.
• This technique can sometimes lead to security weaknesses as the numbers generated by PRNGs can be predicted using reverse engineering.  
• However, despite security issues and risks when encrypting sensitive information, PRNGs can still be used effectively for some applications. 
• It is important to highlight that strong encryption requires the use of a true random number generator (TRNG), which is based on hardware and does not show predictable patterns.
• TRNGs are most suited to guarantee a high level of encryption. 

Example 1: Netscape

•  In 1995, a security issue was discovered in the Netscape browser, compromising the safety of web communications.
• The issue was due to a weakness in the use of a PRNG in its cryptography.
• At the time, the absence of a TRNG in Netscape's encryption process generated a vast amount of public attention, highlighting the defects of using a weak PRNG to encrypt their SSL protocol, used to secure online communications.
• Netscape used only the time of the day as a source of randomness to generate the seed, which did not provide sufficient entropy, a defect that could have been used to compromise the system.
• The strength of the security of the SSL protocol relies on the randomness and difficulty to predict the key, but the fact that Netscape used a PRNG to generate it compromised its security.
• The flaw was revealed by two Berkeley graduate students who managed to reverse-engineer the browser code and expose the defect.
• They discovered that the seed used was dependent on the time of the day, but also on some other system information such as process ID and parent process ID.
• The students also found that it would not be hard to find these values, and therefore reduce the number of possibilities needed to crack the system. 
• This flaw would have meant that in case of attack, the time to crack the protocol would have been reduced from thirty hours to just a few minutes, or even less.

Example 2: Bitcoin Wallets

• In 2011, a security flaw was also discovered in Android-based Bitcoin wallets. 
• The flaw was related to the use of a PRNG by Android to secure the wallets.
• It was identified and explained in a paper by South Koreans Kim, Han and Lee published in 2013.
• As a result of a Java implementation weakness that would not allow the proper generation of seed random numbers by the PRNG used by Android, cryptographic applications were made less secure.
• This vulnerability was reported and made public by Google Android. 
• This issue led to intense debates about the PRNG used by Android, which caused a flaw in Bitcoin wallets.
• In response, the Android security team investigated the issue and updated multiple Bitcoin applications in August 2011.
• Following the discovery and investigation of this security flaw, Android communicated that all Android wallets could be vulnerable to theft, and that the issue would be related specifically to Android apps and therefore to wallet generated by Android apps.
• Affected apps included Bitcoin Wallet, blockchain.info wallet, BitcoinSpinner and Mycelium Wallet.