View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 10, 2015

Random numbers for web servers could be too easy to guess

Random numbers are claimed to be more susceptible to attacks.

By CBR Staff Writer

A study has revealed that a number randomising system used by several web servers to encrypt data may be a lot weaker than earlier thought.

Hackers can access any data about a particular user, including bank details, the names of family members and personal details.

Servers of websites that have sensitive information encrypt the data by varying it into a series of number based codes. The codes are then scrambled by randomising the number sequence.

It is however believed that the system of encrypting data is not as effective as it once was. Random numbers are likely to be affected to some of the attacks that allow hackers to access personal data.

Security analyst Bruce Potter and researcher Sasha Moore undertook the study that was presented at the Black Hat security event in Las Vegas, US.

Potter was quoted by the BBC as saying: "This seemed like just an interesting problem when we got started but as we went on it got scary."

The news agency reported that widely used Linux-based web server software generated strings of data that were used as a base for random numbers and large, hard-to-guess numbers are important to encrypt data.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

The process of radomising numbers starts with server translating mouse movements, keyboard presses and other activities a machine does.

The information is collected in a pool, which Potter said would have a high degree of a property known as entropy.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.