Windows' random number generator not random enough
By Matthew Sparkes
Posted on 14 Nov 2007 at 10:23
A flaw in the way that random numbers are generated in Windows could enable hackers to predict SSL keys, laying browsing, email and IM communications open to interception.
The research, carried out at the University of Haifa in Israel, was conducted on Windows 2000, but it is likely that the same method is used to create random numbers in XP and Vista.
"We reconstructed, for the first time, the algorithm used by the pseudo-random number generator. We analysed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed," says the research paper.
Predicting future random numbers relies on knowing the initial state of the stack. Once this is known, it is possible to predict up to 128kb of output from the generator, after which Windows refreshes the state of the generator.
"We also analysed the way in which the generator is run by the operating system, and found that it amplifies the effect of the attacks: The generator is run in user mode rather than in kernel mode, and therefore it is easy to access its state even without administrator privileges."
The research claims that a simple buffer overflow could be used to obtain the value of the stack, which could then be used to predict future SSL keys.
