Windows Vista Flaw in Window’s random number generator

  • Thread starter Thread starter The poster formerly known as 'The Poster Formerly
  • Start date Start date
T

The poster formerly known as 'The Poster Formerly

Guest
http://blogs.techrepublic.com.com/tech-news/?p=1560&tag=nl.e019

"Security researchers are claiming that the pseudo-random number
generator used by Microsoft in Windows is flawed. Only Windows 2000 is
evaluated, though the shortcomings of the random number generator are
most likely present in Windows XP and Vista.

Excerpt from The Register:

A team of cryptographers led by Dr. Benny Pinkas from the
Department of Computer Science at the University of Haifa, Israel, were
able to unravel how the CryptGenRandom function Windows 2000 worked,
without assistance from Microsoft. This analysis revealed that random
number generation in Windows 2000 is far from genuinely random — or even
pseudo-random.

Because of this it was possible for the researchers to predict
numbers generated by the software, after first determining the internal
state of the generator.

The implications here is that a local attack can be used to determine a
single state of the random number generator. It will be possible after
that to predict all random values, such as used in SSL keys, and
possibly other cryptographic functions.

If you enjoy reading Greek geek-stuffs, you can check out the results of
the research titled Cryptanalysis of the Windows Random Number Generator."

--
Priceless quotes in m.p.w.vista.general group -
Submit your nomination at the link below:
http://protectfreedom.tripod.com/kick.html

"Fair use is not merely a nice concept--it is a federal law based on
free speech rights under the First Amendment and is a cornerstone of the
creativity and innovation that is a hallmark of this country. Consumer
rights in the digital age are not frivolous."
- Maura Corbett
 
RE: Flaw in Window’s random number generator

RE: Flaw in Window’s random number generator

"Only Windows 2000 is
evaluated, though the shortcomings of the random number generator are
most likely present in Windows XP and Vista."

Don't waste my time, ****head!


"The poster formerly known as 'The Poster" wrote:

> http://blogs.techrepublic.com.com/tech-news/?p=1560&tag=nl.e019
>
> "Security researchers are claiming that the pseudo-random number
> generator used by Microsoft in Windows is flawed. Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista.
>
> Excerpt from The Register:
>
> A team of cryptographers led by Dr. Benny Pinkas from the
> Department of Computer Science at the University of Haifa, Israel, were
> able to unravel how the CryptGenRandom function Windows 2000 worked,
> without assistance from Microsoft. This analysis revealed that random
> number generation in Windows 2000 is far from genuinely random — or even
> pseudo-random.
>
> Because of this it was possible for the researchers to predict
> numbers generated by the software, after first determining the internal
> state of the generator.
>
> The implications here is that a local attack can be used to determine a
> single state of the random number generator. It will be possible after
> that to predict all random values, such as used in SSL keys, and
> possibly other cryptographic functions.
>
> If you enjoy reading Greek geek-stuffs, you can check out the results of
> the research titled Cryptanalysis of the Windows Random Number Generator."
>
> --
> Priceless quotes in m.p.w.vista.general group -
> Submit your nomination at the link below:
> http://protectfreedom.tripod.com/kick.html
>
> "Fair use is not merely a nice concept--it is a federal law based on
> free speech rights under the First Amendment and is a cornerstone of the
> creativity and innovation that is a hallmark of this country. Consumer
> rights in the digital age are not frivolous."
> - Maura Corbett
>
 
Nasty, nasty boy

Nasty, nasty boy


"Mick Murphy" <MickMurphy@discussions.microsoft.com> wrote in message
news:2062C71F-C8B1-4CD8-A03A-91C5322D28FE@microsoft.com...
> "Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista."
>
> Don't waste my time, ****head!

Wasn't it YOU just a FEW minutes ago telling some poster:


"Mick Murphy" <MickMurphy@discussions.microsoft.com> wrote in message
news:2382C5E4-E535-434E-9FD7-FD511F037EC5@microsoft.com...
> 1. this is a newsgroup; no personal email replies.
>


and you are nasty to people. Shouldn't you be told: this is a newsgroup,
no nasty name calling

Looks like you can dish it out but can't take it. By the way, do you go to
anger management class?

If not, you should

>
>
> "The poster formerly known as 'The Poster" wrote:
>
>> http://blogs.techrepublic.com.com/tech-news/?p=1560&tag=nl.e019
>>
>> "Security researchers are claiming that the pseudo-random number
>> generator used by Microsoft in Windows is flawed. Only Windows 2000 is
>> evaluated, though the shortcomings of the random number generator are
>> most likely present in Windows XP and Vista.
>>
>> Excerpt from The Register:
>>
>> A team of cryptographers led by Dr. Benny Pinkas from the
>> Department of Computer Science at the University of Haifa, Israel, were
>> able to unravel how the CryptGenRandom function Windows 2000 worked,
>> without assistance from Microsoft. This analysis revealed that random
>> number generation in Windows 2000 is far from genuinely random - or even
>> pseudo-random.
>>
>> Because of this it was possible for the researchers to predict
>> numbers generated by the software, after first determining the internal
>> state of the generator.
>>
>> The implications here is that a local attack can be used to determine a
>> single state of the random number generator. It will be possible after
>> that to predict all random values, such as used in SSL keys, and
>> possibly other cryptographic functions.
>>
>> If you enjoy reading Greek geek-stuffs, you can check out the results of
>> the research titled Cryptanalysis of the Windows Random Number
>> Generator."
>>
>> --
>> Priceless quotes in m.p.w.vista.general group -
>> Submit your nomination at the link below:
>> http://protectfreedom.tripod.com/kick.html
>>
>> "Fair use is not merely a nice concept--it is a federal law based on
>> free speech rights under the First Amendment and is a cornerstone of the
>> creativity and innovation that is a hallmark of this country. Consumer
>> rights in the digital age are not frivolous."
>> - Maura Corbett
>>
 
Re: Flaw in Window’s random number generator

Re: Flaw in Window’s random number generator

Mick Murphy wrote:
> "Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista."
>
> Don't waste my time, ****head!
>

Funny you blame me for 'waisting your time' when noone but you chose to
spend the time reading the post and article and responding to it. Also,
as I am not male, ****head seems wasted on me. :) My but you are a
wasteful person!

>
> "The poster formerly known as 'The Poster" wrote:
>
>> http://blogs.techrepublic.com.com/tech-news/?p=1560&tag=nl.e019
>>
>> "Security researchers are claiming that the pseudo-random number
>> generator used by Microsoft in Windows is flawed. Only Windows 2000 is
>> evaluated, though the shortcomings of the random number generator are
>> most likely present in Windows XP and Vista.
>>
>> Excerpt from The Register:
>>
>> A team of cryptographers led by Dr. Benny Pinkas from the
>> Department of Computer Science at the University of Haifa, Israel, were
>> able to unravel how the CryptGenRandom function Windows 2000 worked,
>> without assistance from Microsoft. This analysis revealed that random
>> number generation in Windows 2000 is far from genuinely random — or even
>> pseudo-random.
>>
>> Because of this it was possible for the researchers to predict
>> numbers generated by the software, after first determining the internal
>> state of the generator.
>>
>> The implications here is that a local attack can be used to determine a
>> single state of the random number generator. It will be possible after
>> that to predict all random values, such as used in SSL keys, and
>> possibly other cryptographic functions.
>>
>> If you enjoy reading Greek geek-stuffs, you can check out the results of
>> the research titled Cryptanalysis of the Windows Random Number Generator."


--
Priceless quotes in m.p.w.vista.general group -
Submit your nomination at the link below:
http://protectfreedom.tripod.com/kick.html

View nominations already submitted:
http://htmlgear.tripod.com/guest/control.guest?u=protectfreedom&i=1&a=view

"Fair use is not merely a nice concept--it is a federal law based on
free speech rights under the First Amendment and is a cornerstone of the
creativity and innovation that is a hallmark of this country. Consumer
rights in the digital age are not frivolous."
- Maura Corbett
 
Re: RE: Flaw in Window’s random number generator

Re: RE: Flaw in Window’s random number generator

=?Utf-8?B?TWljayBNdXJwaHk=?= <MickMurphy@discussions.microsoft.com>
wrote in news:2062C71F-C8B1-4CD8-A03A-91C5322D28FE@microsoft.com:

> "Only Windows 2000 is
> evaluated, though the shortcomings of the random number generator are
> most likely present in Windows XP and Vista."
>
> Don't waste my time, ****head!

It's a good bet it was just carried thru versions of Windows.
 
Back
Top