## Tuesday, September 14, 2010

### Fooled by pseudorandomness

When people talk about codes and ciphers they get very excited about the cryptographic algorithms: everything from Enigma through DES to AES and elliptic curves excites the popular imagination. Oddly, the Achilles' heel of many secure systems is much more mundane and simpler to understand.

Cryptographic systems require good random numbers. And by good I mean unpredictable. That means that whatever your source of random numbers is, I shouldn't be able to predict the next number it's going to give. And I definitely shouldn't be able to do that after seeing a few numbers it has come up with.

Back in the Second World War, Nazi Germany had a lovely cryptographic system called Lorenz (which the British referred to as Fish). It relied on generating random numbers. But, unfortunately, the numbers were predictable and the British were able to generate the same sequence of random numbers and break the code.
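As an added example (not part of the original post) of what "predictable" means in practice: a linear congruential generator leaks its entire state in every output, so an observer who knows the modulus can recover the multiplier and increment from three consecutive outputs and then generate the same sequence, much as the British did with Lorenz. The same procedure finds nothing usable against an OS-backed CSPRNG. The LCG parameters, seed and modulus below are constructed for the demonstration.

```python
"""Why a predictable RNG breaks cryptography: recovering an LCG from its output."""
import secrets

MODULUS = 2**31  # assumption: the observer knows the modulus (it is usually public)


class LCG:
    """Textbook LCG: state_{n+1} = (a * state_n + c) mod m. Never use for keys."""

    def __init__(self, a, c, seed, m=MODULUS):
        self.a, self.c, self.m, self.state = a, c, m, seed % m

    def next(self):
        self.state = (self.a * self.state + self.c) % self.m
        return self.state


def recover_lcg(outputs, m=MODULUS):
    """Recover (a, c) from three consecutive outputs x0, x1, x2.
    Returns None when x1 - x0 has no inverse mod m (even, for power-of-two m)."""
    x0, x1, x2 = outputs[:3]
    try:
        inv = pow((x1 - x0) % m, -1, m)  # modular inverse (Python 3.8+)
    except ValueError:
        return None
    a = ((x2 - x1) * inv) % m            # x2 - x1 == a * (x1 - x0)  (mod m)
    c = (x1 - a * x0) % m
    return a, c


def predict_next(outputs, m=MODULUS):
    """Predict the output that follows the observed ones, or None."""
    params = recover_lcg(outputs, m)
    if params is None:
        return None
    a, c = params
    return (a * outputs[-1] + c) % m


def lcg_is_predictable():
    """Three observed outputs of the constructed LCG give away the fourth."""
    gen = LCG(a=1103515245, c=12345, seed=20100914)  # constructed parameters
    seen = [gen.next() for _ in range(3)]
    return predict_next(seen) == gen.next()


def csprng_is_predictable():
    """Same attack against the OS CSPRNG: no parameters, or a wrong guess."""
    seen = [secrets.randbelow(MODULUS) for _ in range(3)]
    guess = predict_next(seen)
    return guess is not None and guess == secrets.randbelow(MODULUS)
```

`lcg_is_predictable()` returns True every time; `csprng_is_predictable()` returns False (except with probability around 2^-32), which is the property the post asks of a good random source.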