TechTalkz.com Logo Ask the Experts!

Go Back   TechTalkz.com Technology & Computer Troubleshooting Forums > Tech Support Archives > Microsoft > Windows Vista All

Flaw in Window’s random number generator

Windows Vista All

 
 
Thread Tools Display Modes
Unread 15-11-2007, 05:01 PM   #1
The poster formerly known as 'The Poster Formerly Known as Nina DiBoy'
Guest
 
Posts: n/a
Flaw in Window’s random number generator

http://blogs.techrepublic.com.com/te...60&tag=nl.e019

"Security researchers are claiming that the pseudo-random number
generator used by Microsoft in Windows is flawed. Only Windows 2000 is
evaluated, though the shortcomings of the random number generator are
most likely present in Windows XP and Vista.

Excerpt from The Register:

A team of cryptographers led by Dr. Benny Pinkas from the
Department of Computer Science at the University of Haifa, Israel, were
able to unravel how the CryptGenRandom function Windows 2000 worked,
without assistance from Microsoft. This analysis revealed that random
number generation in Windows 2000 is far from genuinely random — or even
pseudo-random.

Because of this it was possible for the researchers to predict
numbers generated by the software, after first determining the internal
state of the generator.

The implications here is that a local attack can be used to determine a
single state of the random number generator. It will be possible after
that to predict all random values, such as used in SSL keys, and
possibly other cryptographic functions.

If you enjoy reading Greek geek-stuffs, you can check out the results of
the research titled Cryptanalysis of the Windows Random Number Generator."

--
Priceless quotes in m.p.w.vista.general group -
Submit your nomination at the link below:
http://protectfreedom.tripod.com/kick.html

"Fair use is not merely a nice concept--it is a federal law based on
free speech rights under the First Amendment and is a cornerstone of the
creativity and innovation that is a hallmark of this country. Consumer
rights in the digital age are not frivolous."
- Maura Corbett

Sponsored Links
 
Unread 15-11-2007, 10:02 PM   #2
Mick Murphy
Guest
 
Posts: n/a
RE: Flaw in Window’s random number generator

"Only Windows 2000 is
evaluated, though the shortcomings of the random number generator are
most likely present in Windows XP and Vista."

Don't waste my time, cockhead!


"The poster formerly known as 'The Poster" wrote:

> http://blogs.techrepublic.com.com/te...60&tag=nl.e019
>
> "Security researchers are claiming that the pseudo-random number
> generator used by Microsoft in Windows is flawed. Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista.
>
> Excerpt from The Register:
>
> A team of cryptographers led by Dr. Benny Pinkas from the
> Department of Computer Science at the University of Haifa, Israel, were
> able to unravel how the CryptGenRandom function Windows 2000 worked,
> without assistance from Microsoft. This analysis revealed that random
> number generation in Windows 2000 is far from genuinely random — or even
> pseudo-random.
>
> Because of this it was possible for the researchers to predict
> numbers generated by the software, after first determining the internal
> state of the generator.
>
> The implications here is that a local attack can be used to determine a
> single state of the random number generator. It will be possible after
> that to predict all random values, such as used in SSL keys, and
> possibly other cryptographic functions.
>
> If you enjoy reading Greek geek-stuffs, you can check out the results of
> the research titled Cryptanalysis of the Windows Random Number Generator."
>
> --
> Priceless quotes in m.p.w.vista.general group -
> Submit your nomination at the link below:
> http://protectfreedom.tripod.com/kick.html
>
> "Fair use is not merely a nice concept--it is a federal law based on
> free speech rights under the First Amendment and is a cornerstone of the
> creativity and innovation that is a hallmark of this country. Consumer
> rights in the digital age are not frivolous."
> - Maura Corbett
>

 
Unread 15-11-2007, 10:03 PM   #3
Bill Yanaire
Guest
 
Posts: n/a
Nasty, nasty boy


"Mick Murphy" <MickMurphy@discussions.microsoft.com> wrote in message
news:2062C71F-C8B1-4CD8-A03A-91C5322D28FE@microsoft.com...
> "Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista."
>
> Don't waste my time, cockhead!


Wasn't it YOU just a FEW minutes ago telling some poster:


"Mick Murphy" <MickMurphy@discussions.microsoft.com> wrote in message
news:2382C5E4-E535-434E-9FD7-FD511F037EC5@microsoft.com...
> 1. this is a newsgroup; no personal email replies.
>



and you are nasty to people. Shouldn't you be told: this is a newsgroup,
no nasty name calling

Looks like you can dish it out but can't take it. By the way, do you go to
anger management class?

If not, you should

>
>
> "The poster formerly known as 'The Poster" wrote:
>
>> http://blogs.techrepublic.com.com/te...60&tag=nl.e019
>>
>> "Security researchers are claiming that the pseudo-random number
>> generator used by Microsoft in Windows is flawed. Only Windows 2000 is
>> evaluated, though the shortcomings of the random number generator are
>> most likely present in Windows XP and Vista.
>>
>> Excerpt from The Register:
>>
>> A team of cryptographers led by Dr. Benny Pinkas from the
>> Department of Computer Science at the University of Haifa, Israel, were
>> able to unravel how the CryptGenRandom function Windows 2000 worked,
>> without assistance from Microsoft. This analysis revealed that random
>> number generation in Windows 2000 is far from genuinely random - or even
>> pseudo-random.
>>
>> Because of this it was possible for the researchers to predict
>> numbers generated by the software, after first determining the internal
>> state of the generator.
>>
>> The implications here is that a local attack can be used to determine a
>> single state of the random number generator. It will be possible after
>> that to predict all random values, such as used in SSL keys, and
>> possibly other cryptographic functions.
>>
>> If you enjoy reading Greek geek-stuffs, you can check out the results of
>> the research titled Cryptanalysis of the Windows Random Number
>> Generator."
>>
>> --
>> Priceless quotes in m.p.w.vista.general group -
>> Submit your nomination at the link below:
>> http://protectfreedom.tripod.com/kick.html
>>
>> "Fair use is not merely a nice concept--it is a federal law based on
>> free speech rights under the First Amendment and is a cornerstone of the
>> creativity and innovation that is a hallmark of this country. Consumer
>> rights in the digital age are not frivolous."
>> - Maura Corbett
>>



 
Unread 16-11-2007, 12:04 AM   #4
The poster formerly known as 'The Poster Formerly Known as Nina DiBoy'
Guest
 
Posts: n/a
Re: Flaw in Window’s random number generator

Mick Murphy wrote:
> "Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista."
>
> Don't waste my time, cockhead!
>


Funny you blame me for 'waisting your time' when noone but you chose to
spend the time reading the post and article and responding to it. Also,
as I am not male, cockhead seems wasted on me. My but you are a
wasteful person!

>
> "The poster formerly known as 'The Poster" wrote:
>
>> http://blogs.techrepublic.com.com/te...60&tag=nl.e019
>>
>> "Security researchers are claiming that the pseudo-random number
>> generator used by Microsoft in Windows is flawed. Only Windows 2000 is
>> evaluated, though the shortcomings of the random number generator are
>> most likely present in Windows XP and Vista.
>>
>> Excerpt from The Register:
>>
>> A team of cryptographers led by Dr. Benny Pinkas from the
>> Department of Computer Science at the University of Haifa, Israel, were
>> able to unravel how the CryptGenRandom function Windows 2000 worked,
>> without assistance from Microsoft. This analysis revealed that random
>> number generation in Windows 2000 is far from genuinely random — or even
>> pseudo-random.
>>
>> Because of this it was possible for the researchers to predict
>> numbers generated by the software, after first determining the internal
>> state of the generator.
>>
>> The implications here is that a local attack can be used to determine a
>> single state of the random number generator. It will be possible after
>> that to predict all random values, such as used in SSL keys, and
>> possibly other cryptographic functions.
>>
>> If you enjoy reading Greek geek-stuffs, you can check out the results of
>> the research titled Cryptanalysis of the Windows Random Number Generator."



--
Priceless quotes in m.p.w.vista.general group -
Submit your nomination at the link below:
http://protectfreedom.tripod.com/kick.html

View nominations already submitted:
http://htmlgear.tripod.com/guest/con...dom&i=1&a=view

"Fair use is not merely a nice concept--it is a federal law based on
free speech rights under the First Amendment and is a cornerstone of the
creativity and innovation that is a hallmark of this country. Consumer
rights in the digital age are not frivolous."
- Maura Corbett
 
Unread 16-11-2007, 02:58 AM   #5
DanS
Guest
 
Posts: n/a
Re: RE: Flaw in Window’s random number generator

Sponsored Links
=?Utf-8?B?TWljayBNdXJwaHk=?= <MickMurphy@discussions.microsoft.com>
wrote in news:2062C71F-C8B1-4CD8-A03A-91C5322D28FE@microsoft.com:

> "Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista."
>
> Don't waste my time, cockhead!


It's a good bet it was just carried thru versions of Windows.

Sponsored Links
 
 

Thread Tools
Display Modes



< Home - Windows Help - MS Office Help - Hardware Support >


New To Site? Need Help?

All times are GMT. The time now is 10:09 PM.


vBulletin, Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright © 2005-2016, TechTalkz.com. All Rights Reserved - Privacy Policy
Valid XHTML 1.0 Transitional