Slashdot Mirror

← Back to Stories (view on slashdot.org)

Loophole in Windows Random Number Generator

Posted by CmdrTaco on from the heads-i-win-tails-you-lose dept.

Invisible Pink Unicorn writes "A security loophole in the pseudo-random number generator used by Windows was recently detailed in a paper presented by researchers at the University of Haifa. The team found a way to decipher how the number generator works, and thus compute previous and future encryption keys used by the computer, and eavesdrop on private communication. Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the Windows security system to enable computer security experts outside Microsoft to evaluate their effectiveness. Although they only checked Windows 2000, they assume that XP and Vista use similar random number generators and may also be vulnerable. The full text of the paper is available in PDF format."

7 of 305 comments (clear)

  1. Re:Hardware RNG by $RANDOMLUSER · · Score: 5, Insightful

    Now why would you assume Microsoft would use the hardware RNG when they have thier own, much better, proprietary RNG available?

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  2. Fixed in Vista? by adonoman · · Score: 5, Insightful
    http://msdn.microsoft.com/msdnmag/issues/07/07/Security/default.aspx has the new API, including a RNG

    that meets Federal Information Processing Standards (FIPS) for use with the Digital Signature Algorithm (DSA). There's a lot I don't like about Vista, but for security researchers to "assume that XP and Vista use similar random number generators and may also be vulnerable" without a basic google search is a bit much!
  3. Re:Hardware RNG by thePsychologist · · Score: 4, Insightful
    It might only be a problem for 2000 users:

    According to the researchers, who have already notified the Microsoft security response team about their discovery, although they only checked "Windows 2000" (which is currently the third most popular operating system in use) they assume that newer versions of "Windows", XP and Vista, use similar random number generators and may also be vulnerable.
    --
    "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
  4. Re:Hardware RNG by thePsychologist · · Score: 4, Insightful

    This is classic behaviour on Slashdot. I point out this might not be a big of a problem as it seems (as they only tested Windows 2000, and not XP or Vista, both combined are far more used than 2000), and I'm modded as troll, only because (I presume) that I'm providing evidence that a problem with Microsoft isn't as serious as it seems (i.e. I'm getting in the way of MS bashing).

    --
    "What lies behind us, and what lies before us are tiny matters compared to what lies within us." Ralph Waldo Emerson
  5. the number of affected users enbiggens the problem by doti · · Score: 5, Insightful

    only tested Windows 2000, and not XP or Vista, both combined are far more used than 2000 Still, 2000 has more (desktop) users than Linux. By your logic, if there were a similar problem in Linux, it would be less of a problem?
    --
    factor 966971: 966971
  6. Re:Hardware RNG by Belial6 · · Score: 4, Insightful
    You actually didn't provide any evidence that the problem doesn't affect XP or Vista, you just suggested that the two newer version should be trusted immediately after finding out that 2000 has a bug in an unlikely to be updated part of the system. The non-troll way of highlighting this information would be:

    That is a problem. I am eagerly awaiting the tests of XP and Vista to see if this was fixed for them.

    You could probably even slip a little bias in there without being called a troll with:

    They are going to test with XP and Vista aren't they? After all, it should be trivial to test this on the newer systems if the cryptography hasn't been changed. I mean what kind of security researcher just assumes the functionality of a security system?

    Of course, it would be a little silly to assume that this does not affect at least XP, as 2000 was still under maintenance when XP was released, so if the bug was found during the development of XP, it should have been fixed in 2000. It would look far worse for Microsoft if they KNEW about a security hole in 2000 while it was still under maintanace, and did not bother to back port the fix from XP.
  7. Re:Hardware RNG by thebdj · · Score: 4, Insightful

    A new RNG is not really a selling point, the only way it will help their bottom line is if enough people know about flaws in the old one that it's profitable to replace it. Actually it can be, since it would be necessary to use a FIPS compliant PRNG to perform certain operations, they would need to have one. I suspect (see my other posts) that this is from a deprecated cryptographic service provider that MS no longer providers (DSS_BASE). If you check out the information on the CMVP website for the RNG Validation Lists, you will see they implement FIPS 186-2 PRNGs, which the paper itself admits (Appendix B) has some forward security and is not the PRNG they are attacking here.
    --
    "Some days you just can't get rid of a bomb."