VectorLinux
September 30, 2014, 10:40:38 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Visit our home page for VL info. To search the old message board go to http://vectorlinux.com/forum1. The first VL forum is temporarily offline until we can find a host for it. Thanks for your patience.
 
Now powered by KnowledgeDex.
   Home   Help Search Login Register  
Please support VectorLinux!
Pages: [1]
  Print  
Author Topic: Windows PRNG loophole  (Read 1296 times)
easuter
Global Moderator
Vectorian
*****
Posts: 2160



« on: November 13, 2007, 01:42:47 pm »

A loophole in Window's Pseudo Random Number Generator (PRGN) has been found. Apparently it is possible to discover past and even future numbers that the will be generated. This means that encryption keys created using the Windows PRNG can be discovered.
Security by obscurity doesn't work, how much proof does MS need?   Roll Eyes

http://www.eurekalert.org/pub_releases/2007-11/uoh-slf111207.php

And the paper itself: http://eprint.iacr.org/2007/419
Logged

exeterdad
Packager
Vectorian
****
Posts: 2046



« Reply #1 on: November 13, 2007, 02:28:21 pm »

Quote
Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the "Windows" security system to enable computer security experts outside Microsoft to evaluate their effectiveness.

And equip hackers with what they need as well.
Logged
easuter
Global Moderator
Vectorian
*****
Posts: 2160



« Reply #2 on: November 14, 2007, 12:36:55 am »

Quote
And equip hackers with what they need as well.

Hacker already have what they need: an implementation of the WPRNG is in that paper, not to mention a full description of how it works.
What they meant is they want MS to open-source it, so the loophole can be quickly fixed.
Logged

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2013, Simple Machines Valid XHTML 1.0! Valid CSS!