virtualization as a threat to RNG

Dan Geer dan at
Tue Mar 20 20:14:26 EDT 2007

Quoting from a discussion of the threat posed by software virtualization as
found in Symantec's ISTR:xi, released today:

> The second type of threat that Symantec believes could emerge is 
> related to the impact that software-virtualized computers may have on
> random number generators that are used inside guest operating systems 
> on virtual machines. This speculation is based on some initial work 
> done by Symantec Advanced Threat Research in a paper on GS and ASLR in 
> Windows Vista. This research showed that the method used to generate
> the random locations employed in some security technologies would, 
> under certain circumstances, differ wildly in a software-virtualized 
> instance of the operating system. If this proves to be true, it could
> have considerable implications for a number of different technologies 
> that rely on good randomness, such as unique identifiers, as well as 
> the seeds used in encryption.


