Loophole in Windows Random Number Generator 305
Invisible Pink Unicorn writes "A security loophole in the pseudo-random number generator used by Windows was recently detailed in a paper presented by researchers at the University of Haifa. The team found a way to decipher how the number generator works, and thus compute previous and future encryption keys used by the computer, and eavesdrop on private communication. Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the Windows security system to enable computer security experts outside Microsoft to evaluate their effectiveness. Although they only checked Windows 2000, they assume that XP and Vista use similar random number generators and may also be vulnerable. The full text of the paper is available in PDF format."
31784 (Score:5, Funny)
The Vista RNG (Score:5, Funny)
Your system must meet the requirements to be able to run the Windows Random Number Generator on Vista. Otherwise, you will need to use Windows Number Generator Basic. The only number WNGB can generate is 4.
Novell (Score:5, Funny)
Re:Huh? (Score:5, Funny)
Date: received 4 Nov 2007
Old indeed. 8 days. That's a lot, Microsoft might have already fixed it, you see, they fix things fast!
Re:Huh? (Score:2, Funny)
Spearmen (Score:2, Funny)
Re:The Vista RNG (Score:5, Funny)
Re:Hardware RNG (Score:5, Funny)
After all, they spent so much time perfecting it in Excel 2007!
ob XKCD reference (Score:5, Funny)
http://xkcd.com/221/ [xkcd.com]
Does this mean... (Score:5, Funny)
Re:Where's the white noise generator? (Score:5, Funny)
A white noise generator? Bah... What systems need are pop-o-matic bubbles with m * 2^n sided dice to generate m * n bits. It could even put a window up saying, "The entropy pool is depleted. Please press the pop-o-matic bubble to generate more."
That would be awesome
Re:Hardware RNG (Score:5, Funny)
"Hey guys, I dont think the random number generator is random enough today - it came up with 2 prime numbers in a row! Anyone feel like taking a few days to rewrite it, test it, introduce a few bugs, document it, seal off the documentation to make sure nobody finds it, and go take it up to Steve? I hear he's out of chairs right now so it should be okay".
Is there a list of slots machines that run windows (Score:5, Funny)
Re:31784 (Score:3, Funny)
Damn you Johnny Two-Tone!
Re:Hardware RNG (Score:3, Funny)
Re:31784 (Score:3, Funny)
Oh, wait, that was Landru.
Re:Hardware RNG (Score:5, Funny)
Re:Hardware RNG (Score:3, Funny)
Re:Where's the white noise generator? (Score:5, Funny)
Re:Hardware RNG (Score:3, Funny)
Re:Hardware RNG (Score:4, Funny)
Re:Hardware RNG (Score:5, Funny)
Re:Hardware RNG (Score:5, Funny)
Okay, module 14537r Random Number Generator. Teams, who wants do do this ? No, it's not boring. Come on. Okay, draw straws. Jones, you win. Yes, sure you can get the intern to write it. You carry on with the Clippy enhancements.
Re:Hardware RNG (Score:3, Funny)
Like a strong Brownian motion producer (say, a cup of hot tea)?
Beef.
Re:Hardware RNG (Score:1, Funny)
I think there are more Amiga users online than that, so can't be much of a security issue.
Re:the number of affected users enbiggens the prob (Score:2, Funny)
Re:Not so severe (Score:3, Funny)