Slashdot Mirror


Linux RNG May Be Insecure After All

Okian Warrior writes "As a followup to Linus's opinion about people skeptical of the Linux random number generator, a new paper analyzes the robustness of /dev/urandom and /dev/random. From the paper: 'From a practical side, we also give a precise assessment of the security of the two Linux PRNGs, /dev/random and /dev/urandom. In particular, we show several attacks proving that these PRNGs are not robust according to our definition, and do not accumulate entropy properly. These attacks are due to the vulnerabilities of the entropy estimator and the internal mixing function of the Linux PRNGs. These attacks against the Linux PRNG show that it does not satisfy the "robustness" notion of security, but it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice.'" Of course, you might not even be able to trust hardware RNGs. Rather than simply proving that the Linux PRNGs are not robust thanks to their run-time entropy estimator, the authors provide a new property for proving the robustness of the entropy accumulation stage of a PRNG, and offer an alternative PRNG model and proof that is both robust and more efficient than the current Linux PRNGs.


  1. Dilbert RNG by johnsnails · · Score: 5, Funny
    1. Re:Dilbert RNG by The+MAZZTer · · Score: 4, Funny
    2. Re:Dilbert RNG by AlphaWoIf_HK · · Score: 5, Funny

      I didn't even click on the link and knew it was some fag linking xkcd.

      Well, it is a link that leads to xkcd.com, so it's not exactly difficult to figure out that that's where the link leads.

      --
      Da derp dee derp da teedly derpee derpee dum. Rated PG-13.
    3. Re:Dilbert RNG by marcello_dl · · Score: 2, Funny

      True slashdotters do not read the links either.

      --
      ---- MISSING MISCELLANEOUS DATA SEGMENT --- [sigdash] trolololol
  2. Dupe! by VanessaE · · Score: 5, Funny

    .....wait! it's not what you think.

    "a new paper analyzes the robustness of /dev/urandom and /dev/urandom."

    So now we're putting the dupes together into the same summary? Jeez, can't we at least wait a few hours first?

    1. Re:Dupe! by Anonymous Coward · · Score: 3, Funny

      Coincidence. They were chosen at random.

  3. Re:Yawn by mrchaotica · · Score: 3, Funny

    For real security you need specialized hardware devices.

    Yep. I think it's about time to hook up the ol' lava lamp.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  4. Re: Random number generators are hard by pspahn · · Score: 3, Funny

    Pick two random dates between 1950 (or earlier... arbitrary cut-off) and today. Then go to that date and find all the sports scores from that day. Do some random math on those scores independently. Then take those two results and do some more random math between the two.

    Add in more Nth days as you please.

    That enough entropy for you? I guess it might not be. I suppose you could also factor in which days of the week the Cleveland Browns are likely to win on, since that is definitely random.

    --
    Someone flopped a steamer in the gene pool.
  5. Panic! by Anonymous Coward · · Score: 2, Funny

    I'm having a security panic over here!

    as a quick fix I deleted /dev/random and did ln -s /dev/zero /dev/random