VectorLinux

Please login or register.

Login with username, password and session length
Advanced search  

News:

Visit our home page for VL info. For support and documentation, visit the Vector Linux Knowledge Center or search the Knowledge Center and this Forum using the search box above.

Author Topic: Windows PRNG loophole  (Read 1523 times)

easuter

  • Global Moderator
  • Vectorian
  • *****
  • Posts: 2160
Windows PRNG loophole
« on: November 13, 2007, 01:42:47 pm »

A loophole in Window's Pseudo Random Number Generator (PRGN) has been found. Apparently it is possible to discover past and even future numbers that the will be generated. This means that encryption keys created using the Windows PRNG can be discovered.
Security by obscurity doesn't work, how much proof does MS need?   ::)

http://www.eurekalert.org/pub_releases/2007-11/uoh-slf111207.php

And the paper itself: http://eprint.iacr.org/2007/419
Logged

exeterdad

  • Packager
  • Vectorian
  • ****
  • Posts: 2046
Re: Windows PRNG loophole
« Reply #1 on: November 13, 2007, 02:28:21 pm »

Quote
Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the "Windows" security system to enable computer security experts outside Microsoft to evaluate their effectiveness.

And equip hackers with what they need as well.
Logged

easuter

  • Global Moderator
  • Vectorian
  • *****
  • Posts: 2160
Re: Windows PRNG loophole
« Reply #2 on: November 14, 2007, 12:36:55 am »

Quote
And equip hackers with what they need as well.

Hacker already have what they need: an implementation of the WPRNG is in that paper, not to mention a full description of how it works.
What they meant is they want MS to open-source it, so the loophole can be quickly fixed.
Logged