Fwd: [funsec] "Loophole in Windows Random Number Generator" (slashdot)

silky michaelslists at gmail.com
Mon Nov 12 18:45:01 EST 2007

---------- Forwarded message ----------
From: Paul Vixie <paul at vix.com>
Date: Nov 13, 2007 10:06 AM
Subject: [funsec] "Loophole in Windows Random Number Generator" (slashdot)
To: funsec at linuxbox.org

"A security loophole in the pseudo-random number generator used by Windows was
recently detailed in a paper presented by researchers at the University of
Haifa. The team found a way to decipher how the number generator works, and
thus compute previous and future encryption keys used by the computer, and
eavesdrop on private communication. Their conclusion is that Microsoft needs
to improve the way it encodes information. They recommend that Microsoft
publish the code of their random number generators as well as of other
elements of the Windows security system to enable computer security experts
outside Microsoft to evaluate their effectiveness. Although they only checked
Windows 2000, they assume that XP and Vista use similar random number
generators and may also be vulnerable. The full text of the paper is available
in PDF format."

Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list