Microsoft .NET PRNG (fwd)

Ed Gerck egerck at nma.com
Tue Aug 10 13:42:13 EDT 2004


The PRNG should be the least concern when using MSFT's cryptographic
provider. The MSFT report 140sp238.pdf says:

	RSAENH stores keys in the file system, but relies upon Microsoft
	Windows XP for the encryption of the keys prior to storage.

Not only does RSAENH write keys to a lower-security file system... it also does
not provide the encryption security to protect those keys. Because RSAENH
trusts Windows XP to provide that critical link in the security, RSAENH cannot
be trusted to provide the security. In addition, there is a third problem in
securing the keys, namely the security gap between RSAENH and Windows XP.

The most troubling aspect, however, is that RSAENH makes it easy to provide
a covert channel for key access. FIPS 140-1 Level 1 compliant.

Cheers,
Ed Gerck


Anton Stiglic wrote:

> There is some detail in the FIPS 140 security policy of Microsoft's
> cryptographic provider, for Windows XP and Windows 2000.  See for example
> http://csrc.nist.gov/cryptval/140-1/140sp/140sp238.pdf
> 
> where they say the RNG is based on FIPS 186 RNG using SHS.  The seed is
> based on the collection of a lot of data, enumerated in the security policy.
> 
> I would guess that what is written is true, less NIST would look very bad if
> someone reverse engineered the code and showed that what they certified was
> wrong.
> 
> So based on that it would seem that the PRNG in recent Microsoft
> cryptographic providers is o.k.
> 
> --Anton
> 
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com