Last active
February 11, 2020 05:57
\section*{Question 3: Sources of Randomness (10 points)}
\begin{enumerate}
\item a stream of sequential numbers starting from a truly random value.
This can be considered true randomness. Since the given stream generates sequential numbers, an attacker has no way of predicting the sequence, and especially the starting value of the sequence.
\item a stream of the SHA-256 hash of sequential numbers starting from a truly random value.
If a hash is discovered, it won't be possible to guess the sequence of numbers and reverse the hash, since the starting number of the underlying sequence is truly random. Given that the sequence is hashed using SHA-256, this can be considered crypto-suitable pseudo-randomness. It uses the truly random number as a seed.
\item a stream of sequential numbers starting from 0 but encrypted with AES-CBC using a 256-bit encryption key derived from the Wi-Fi router’s MAC address (e.g., the key is the SHA-256 hash of the MAC address).
This is not cryptographically suitable pseudo-randomness. The Wi-Fi router’s MAC address is not a secret value and can be easily discovered (e.g. using \texttt{arp} or \texttt{nmap} on UNIX-based systems). Therefore, the key can be discovered as well.
\item a hardware random number generated XORed with the current time in seconds since the UNIX epoch.
This can be considered cryptographically secure pseudo-randomness, since a truly random value generated by hardware is present. Therefore, the resulting XORed value cannot be easily predicted.
\item the output from \texttt{/proc/crypto} (i.e., what is produced by \texttt{cat /proc/crypto}).
\texttt{/proc/crypto} lists all the supported cryptographic algorithms and therefore can be reproduced or read. This is not like \texttt{/dev/urandom}. The output of \texttt{/proc/crypto} alone is not sufficient to be cryptographically suitable pseudo-randomness.
\end{enumerate}
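The answers to items 2 and 3 both turn on whether the seed or key is secret and high-entropy; the Python sketch below is an added example, not part of the original answers, that builds the item 2 stream and the item 3 key derivation and checks whether a stream can be regenerated from its first output. Assumptions: all function names are hypothetical, numbers are encoded as 32 big-endian bytes, the 16-bit start value and the MAC address are constructed samples, and the AES-CBC step of item 3 is not implemented (only the key derivation is shown).

```python
import hashlib
import secrets
from typing import Iterable, List, Optional

WIDTH = 32  # assumption: each number is encoded as 32 big-endian bytes


def hash_counter_stream(start: int, count: int) -> List[bytes]:
    """Item 2: SHA-256 of sequential numbers beginning at `start`."""
    return [hashlib.sha256((start + i).to_bytes(WIDTH, "big")).digest()
            for i in range(count)]


def key_from_mac(mac: str) -> bytes:
    """Item 3: 256-bit key defined as SHA-256 of the router's MAC address."""
    return hashlib.sha256(bytes.fromhex(mac.replace(":", ""))).digest()


def find_start(first_output: bytes, candidates: Iterable[int]) -> Optional[int]:
    """Return the candidate start value whose hash equals `first_output`."""
    for c in candidates:
        if hashlib.sha256(c.to_bytes(WIDTH, "big")).digest() == first_output:
            return c
    return None


def stream_is_reproducible(start: int, guess_space: range) -> bool:
    """True if the first output alone is enough to regenerate the stream,
    given that `start` lies inside `guess_space`."""
    stream = hash_counter_stream(start, 4)
    guess = find_start(stream[0], guess_space)
    return guess is not None and hash_counter_stream(guess, 4) == stream


if __name__ == "__main__":
    strong = secrets.randbits(128) | (1 << 127)  # secret start with the top bit set
    weak = 40_000                                # constructed 16-bit start
    space = range(2 ** 16)
    print("128-bit start reproducible:", stream_is_reproducible(strong, space))
    print("16-bit start reproducible: ", stream_is_reproducible(weak, space))
    mac = "02:00:00:aa:bb:cc"                    # constructed sample MAC
    # The key is a pure function of a non-secret input: anyone who reads
    # the MAC derives exactly the same 256-bit key.
    print("MAC-derived key:", key_from_mac(mac).hex())
```

The hash hides the counter only when the start value cannot be enumerated; a key computed from a readable value such as a MAC address is as public as that value.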