Random numbers for web servers could be too easy to guess

A study has revealed that a number randomising system used by several web servers to encrypt data may be a lot weaker than earlier thought.

Hackers can access any data about a particular user, including bank details, the names of family members and personal details.

Servers of websites that have sensitive information encrypt the data by varying it into a series of number based codes. The codes are then scrambled by randomising the number sequence.

It is however believed that the system of encrypting data is not as effective as it once was. Random numbers are likely to be affected to some of the attacks that allow hackers to access personal data.

Security analyst Bruce Potter and researcher Sasha Moore undertook the study that was presented at the Black Hat security event in Las Vegas, US.

Potter was quoted by the BBC as saying: "This seemed like just an interesting problem when we got started but as we went on it got scary."

The news agency reported that widely used Linux-based web server software generated strings of data that were used as a base for random numbers and large, hard-to-guess numbers are important to encrypt data.

The process of radomising numbers starts with server translating mouse movements, keyboard presses and other activities a machine does.

The information is collected in a pool, which Potter said would have a high degree of a property known as entropy.

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up