Loophole in Windows Random Number Generator 305
Invisible Pink Unicorn writes "A security loophole in the pseudo-random number generator used by Windows was recently detailed in a paper presented by researchers at the University of Haifa. The team found a way to decipher how the number generator works, and thus compute previous and future encryption keys used by the computer, and eavesdrop on private communication. Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the Windows security system to enable computer security experts outside Microsoft to evaluate their effectiveness. Although they only checked Windows 2000, they assume that XP and Vista use similar random number generators and may also be vulnerable. The full text of the paper is available in PDF format."
Comment removed (Score:4, Interesting)
Seed time (Score:3, Interesting)
Where's the white noise generator? (Score:5, Interesting)
Put white noise hardware and real random number hardware on PCs, and this whole problem goes away.
Similar but different? (Score:4, Interesting)
Re:Fixed in Vista? (Score:4, Interesting)
Hardware RNG (Score:5, Interesting)
Re:Hardware RNG (Score:4, Interesting)
If they had time in between cocking up all the WGA stuff, that is.
USB Hardware RND (Score:5, Interesting)
I got the idea from a project that used a webcam snapping pictures of a Lava Lamp® as a hardware RNG.
Re:The Vista RNG (Score:5, Interesting)
Re:Hardware RNG (Score:3, Interesting)
Look at it from a business perspective, microsoft will.
Re:Hardware RNG (Score:2, Interesting)
Scientific American - July 1985 (Score:2, Interesting)
Re:USB Hardware RND (Score:3, Interesting)
That was a decade ago though. Modern chips might be a lot more uniform. Also, a digital camera on your desktop is unlikely to be liquid nitrogen cooled, so the thermal noise will be higher anyway.