AverageSecurityGuy’s 2017 Entry: A PRNG that Zeroes its Seed


AverageSecurityGuy‘s entry to the 2017 Underhanded Crypto Contest is a pseudorandom number generator that zeroes out its own seed. The code generates two actually-random seeds for the generator and then “shuffles” them as follows, where “xor_byte_arrays” is a function that XORs two byte arrays together and returns the result in a new array:

Shuffle the keys with XOR
final := xor_byte_arrays(key, key2)
key2 = xor_byte_arrays(key2, final)
final = xor_byte_arrays(key, key2)

Of course, the end result of this process will be ((key ^ key2) ^ key2) ^ key = 0. The lesson here is that backdoors can hide in extraneous operations that might seem fine at a glance (“A random string XORed with another random string is still a random string, right?”), so making sure there’s a known purpose for every operation and line of code can help defend against this type of backdoor.

You can find AverageSecurityGuy’s complete submission on the entry archive.

Recent Posts