Loophole in Windows Random Number Generator

Posted by CmdrTaco on Monday November 12, 2007 @04:27AM from the heads-i-win-tails-you-lose dept.

Invisible Pink Unicorn writes "A security loophole in the pseudo-random number generator used by Windows was recently detailed in a paper presented by researchers at the University of Haifa. The team found a way to decipher how the number generator works, and thus compute previous and future encryption keys used by the computer, and eavesdrop on private communication. Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the Windows security system to enable computer security experts outside Microsoft to evaluate their effectiveness. Although they only checked Windows 2000, they assume that XP and Vista use similar random number generators and may also be vulnerable. The full text of the paper is available in PDF format."

2 of 305 comments (clear)

Min score:

Reason:

Sort:

Re:Hardware RNG by trifish · 2007-11-12 06:28 · Score: 0, Flamebait

Who were the idiots who modded that as flamebait and troll? I'm going to take care of you when I have meta-mod points. Hopefully, you won't moderate again.
Re:USB Hardware RND by Lord+Ender · 2007-11-12 07:27 · Score: 0, Flamebait

I'm trying really hard to think of a less exciting hobby than yours. I just. can't. do it.

Wow.

--
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.