CAS-003 · Question #369
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which
The correct answer is A. Use an entropy-as-a-service vendor to leverage larger entropy pools.. Cryptographic key strength depends heavily on the quality of entropy (true randomness) used during key generation. Pseudo-random number generators (PRNGs) are deterministic algorithms - they produce sequences that appear random but are mathematically predictable given the seed va
Question
A security engineer is attempting to increase the randomness of numbers used in key generation in a system. The goal of the effort is to strengthen the keys against predictive analysis attacks. Which of the following is the BEST solution?
Options
- AUse an entropy-as-a-service vendor to leverage larger entropy pools.
- BLoop multiple pseudo-random number generators in a series to produce larger numbers.
- CIncrease key length by two orders of magnitude to detect brute forcing.
- DShift key generation algorithms to ECC algorithms.
How the community answered
(48 responses)- A83% (40)
- B8% (4)
- C2% (1)
- D6% (3)
Explanation
Cryptographic key strength depends heavily on the quality of entropy (true randomness) used during key generation. Pseudo-random number generators (PRNGs) are deterministic algorithms - they produce sequences that appear random but are mathematically predictable given the seed value. This makes them vulnerable to predictive analysis attacks. An entropy-as-a-service (EaaS) vendor provides access to large pools of true entropy, often harvested from physical phenomena (hardware noise, atmospheric data, quantum events), making the generated keys genuinely unpredictable. Option B is wrong because chaining multiple PRNGs still produces pseudo-random output - garbage in, garbage out. Option C (increasing key length) improves brute-force resistance but does nothing to address the predictability of the key generation process itself. Option D (ECC) changes the mathematical algorithm for key operations but doesn't address the entropy source used to generate the keys.
Topics
Community Discussion
No community discussion yet for this question.