Slashdot Mirror
Loophole in Windows Random Number Generator
Invisible Pink Unicorn writes "A security loophole in the pseudo-random number generator used by Windows was recently detailed in a paper presented by researchers at the University of Haifa. The team found a way to decipher how the number generator works, and thus compute previous and future encryption keys used by the computer, and eavesdrop on private communication. Their conclusion is that Microsoft needs to improve the way it encodes information. They recommend that Microsoft publish the code of their random number generators as well as of other elements of the Windows security system to enable computer security experts outside Microsoft to evaluate their effectiveness. Although they only checked Windows 2000, they assume that XP and Vista use similar random number generators and may also be vulnerable. The full text of the paper is available in PDF format."
stop eating smurfs.
liqbase
> The random number generator for XP and 2K3 server was substantially improved over that
> of Win 2000.
You know this, of course, because you have reviewed the source code.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
1) Post a comment that is obviously not a troll.
2) Log in with your other account and mod yourself "-1 Troll."
3) Log back in and post a complaint about the oppressive moderation system.
4) Watch as both of your comments get modded to +5.
5) ???
6) Karma += 8
or another way to look at it...
Axiom: Any sufficiently large number of people will contain some number of idiots.
Proposition: The slashdot moderator pool contains a sufficiently large number of people.
Conclusion: This is normal and expected--stop whining and man up, Nancy!
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.