virtualization as a threat to RNG
Dan Geer
dan at geer.org
Tue Mar 20 20:14:26 EDT 2007
Quoting from a discussion of threat posed by software virtualization as
found in Symantec's ISTR:xi, released today:
> The second type of threat that Symantec believes could emerge is
> related to the impact that softwarevirtualized computers may have on
> random number generators that are used inside guest operating systems
> on virtual machines. This speculation is based on some initial work
> done by Symantec Advanced Threat Research in a paper on GS and ASLR in
> Windows Vista. This research showed that the method used to generate
> the random locations employed in some security technologies would,
> under certain circumstances, differ wildly in a software-virtualized
> instance of the operating system. If this proves to be true, it could
> have considerable implications for a number of different technologies
> that rely on good randomness, such as unique identifiers, as well as
> the seeds used in encryption.
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list