Presentation: "Predictably Random"

Track: TOOLS AND PERFORMANCE / Time: Monday 16:15 - 17:15 / Location: Lille Sal, Archauz

Random numbers are secure as long as you choose a good seed, right? This was my assumption until I actually did some reading on the topic. I found that many web developers know very little about pseudo-random number generation, and in a security context, this can prove deadly. I'm going to show how simple it is, with almost no maths, to break into a system that is using random numbers badly. I'll follow this up with advice on how to safely generate secure random tokens on any platform.

Keywords: Security, code reviews, random numbers, hacking

Target audience: Any web developers who find the maths behind cryptography and pseudo-random number generation scary, and anyone who is interested in delivering secure web applications.




James Roper, Java developer, Atlassian


Biography: James Roper

James found breaking into behind-the-firewall systems at a manufacturing plant too easy when he started his career, so he moved to Atlassian, where he could challenge himself in finding vulnerabilities in web-facing systems. When he's not causing strife, he's a Java developer working on Atlassian's hosted systems, and has a keen interest in open social web standards.

Software passion: Breaking not just software, but common software practices and understandings, and making them stronger as a result.

Twitter name: @jroper
Other information/projects: James is a committer for Pebble and the Maven CLI plugin.