Cryptanalysis of the windows random number generator

Proceedings of the ACM Conference on Computer and Communications Security

Volumn , Issue , 2007, Pages 476-485

  Dorrendorf, Leo ^a   Gutterman, Zvi ^a   Pinkas, Benny ^b  

^a HEBREW UNIVERSITY OF JERUSALEM   (Israel)

^b UNIVERSITY OF HAIFA   (Israel)

Author keywords

Cryptanalysis; Pseudo random number generator (PRNG); Windows operating system

Indexed keywords

BUFFER OVERFLOW ATTACKS; CRYPTANALYSIS; EXACT ALGORITHMS; INTERNAL STATE; MICROSOFT; OPERATING SYSTEMS; PSEUDO RANDOM NUMBER GENERATORS; PSEUDORANDOMNESS; RANDOM NUMBER GENERATORS; RANDOM VALUES; RUNNING-IN; SINGLE STATE; WINDOWS 2000; WINDOWS XP;

ALGORITHMS; BINARY CODES; CRYPTOGRAPHY; KEYS (FOR LOCKS); NUMBER THEORY; RANDOM NUMBER GENERATION; SECURITY OF DATA;

WINDOWS OPERATING SYSTEM;

EID: 70350303568     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1315245.1315304     Document Type: Conference Paper

References (16)

1. AIS 20: Functionality classes and evaluation methodology for deterministic random number generators. Application Notes and Interpretations of the Scheme (AIS) Version 1, Bundesamt für Sicherheit in der Informationstechnik, Dec. 1999.
2. B. Barak and S. Halevi. An architecture for robust pseudo-random generation and applications to/dev/random. In Proc. ACM Conf. on Computing and Communication Security (ACM CCS), 2005.
3. D. Beaver and S. Haber. Cryptographic protocols provably secure against dynamic adversaries. In EUROCRYPT '92, pages 307-323, 1992.
4. M. Bellare and B. S. Yee. Forward-security in private-key cryptography. In M. Joye, editor, CT-RSA '03, volume 2612 of Lecture Notes in Computer Science, pages 1-18. Springer, 2003.
5. T. de Raadt, N. Hallqvist, A. Grabowski, A. D. Keromytis, and N. Provos. Cryptography in openbsd: An overview. In USENIX Annual Technical Conf., FREENIX Track, pages 93-101, 1999.
6. S. R. Fluhrer, I. Mantin, and A. Shamir. Weaknesses in the key scheduling algorithm of RC4. In SAC '01, pages 1-24. Springer-Verlag, 2001.
7. I. Goldberg and D. Wagner. Randomness in the netscape browser. Dr. Dobb's Journal, January 1996.
8. P. Gutmann. Software generation of practically strong random numbers. In Proc. of 7th USENIX Security Symposium, 1998. An updated version appears in http://www.cypherpunks.to/~peter/06-randompdf.
9. Z. Gutterman and D. Malkhi. Hold your sessions: An attack on java session-id generation. In CT-RSA '05, volume 3376 of LNCS, pages 44-57. Springer, 2005.
10. Z. Gutterman, B. Pinkas, and T. Reinman. Analysis of the linux random number generator. In IEEE Symp. on Security and Privacy, Oakland, CA, USA, May 2006.
11. M. Howard and D. LeBlanc. Writing Secure Code. Microsoft Press, 2 edition, April 2002.
12. J. Kelsey. Entropy and entropy sources in x9.82. http://csrc.nist.gov/ CryptoToolkit/RNG/Workshop/EntropySourcespdf, July 2004.
13. J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Cryptanalytic attacks on pseudorandom number generators. In Fast Software Encryption '98, volume 1372 of LNCS, pages 168-188. Springer, 1998.
14. M. R. V. Murray. An implementation of the Yarrow PRNG for FreeBSD. In S. J. Leffler, editor, BSDCon, pages 47-53. USENIX, 2002.
15. D. A. Osvik. personal communication, 2007.
16. T. Ts'o. random.c - linux kernel random number generator. http://www.kernel.org.