An item that came up on /. http://eprint.iacr.org/2007/419.pdf http://it.slashdot.org/article.pl?sid=07/11/12/1528211
Quote:

The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) We reconstructed, for the first time, the algorithm used by the pseudo-random number generator (namely, the function CryptGenRandom). We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in O(2^23) work (this is an attack on the forward-security of the generator, an O(1) attack on backward security is trivial). The attack on forward-security demonstrates that the design of the generator is flawed, since it is well known how to prevent such attacks.

Interesting read.

-- 
Regards, Kym Farnik
mailto:[EMAIL PROTECTED]
mailto:[EMAIL PROTECTED]
http://www.farnik.com
Trivia: My 1st Computer http://en.wikipedia.org/wiki/IBM_1130
Phone: +61 8 8265 5324
Mobile: 0438 014 007
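The forward-security and backward-security notions in the quoted abstract, illustrated with an added Python example that is not from the paper, the post, or the Windows code. Both generators below are toy constructions written for this illustration: one whose state update is a bijection (so the current state lets anyone walk backwards to earlier states), and one whose state update passes through SHA-256, the standard way to make earlier states unrecoverable from a later one. The names `InvertibleStatePRNG`, `RatchetPRNG`, and `previous_state` are assumptions of this example.

```python
"""Forward vs. backward security of a PRNG state update (added example).

Two toy generators, constructed for this illustration (not the Windows design):
  * InvertibleStatePRNG: the state transition is a bijection mod 2^32, so a
    holder of the current state can compute every earlier state and output.
  * RatchetPRNG: the state transition is a SHA-256 "ratchet" (one-way), so
    earlier states are protected by preimage resistance (forward security).
Both leak all FUTURE outputs once the state is known: that is the trivial O(1)
backward-security break the abstract mentions, and only reseeding with fresh
entropy repairs it.
"""
import hashlib

MASK32 = (1 << 32) - 1
# Classic LCG constants (assumed for the toy); A is odd, so it is invertible mod 2^32.
A, C = 1664525, 1013904223
A_INV = pow(A, -1, 1 << 32)


class InvertibleStatePRNG:
    """Toy generator with a reversible state update (no forward security)."""

    def __init__(self, seed: int) -> None:
        self.state = seed & MASK32

    def next_output(self) -> int:
        self.state = (A * self.state + C) & MASK32
        return self.state >> 16  # emit the top half of the state


def previous_state(state: int) -> int:
    """Undo one InvertibleStatePRNG step: s_prev = A^-1 * (s - C) mod 2^32.

    This is the defender's check that the transition is reversible; a design
    with this property cannot be forward secure no matter how the output is derived.
    """
    return (A_INV * (state - C)) & MASK32


class RatchetPRNG:
    """Toy generator with a one-way state update (forward secure, modulo SHA-256)."""

    def __init__(self, seed: bytes) -> None:
        self.state = hashlib.sha256(b"seed|" + seed).digest()

    def next_output(self) -> bytes:
        out = hashlib.sha256(b"out|" + self.state).digest()
        # Ratchet: the old state is consumed by a one-way function and discarded.
        self.state = hashlib.sha256(b"next|" + self.state).digest()
        return out

    def reseed(self, fresh_entropy: bytes) -> None:
        """Mix in fresh entropy; this is what restores backward security after a state leak."""
        self.state = hashlib.sha256(b"reseed|" + self.state + fresh_entropy).digest()


def invertible_state_walks_backwards(seed: int = 12345, steps: int = 5) -> bool:
    """Given only the final state, recover every earlier state of InvertibleStatePRNG."""
    g = InvertibleStatePRNG(seed)
    states = [g.state]
    for _ in range(steps):
        g.next_output()
        states.append(g.state)
    recovered = [states[-1]]
    for _ in range(steps):
        recovered.append(previous_state(recovered[-1]))
    recovered.reverse()
    return recovered == states


def leaked_state_predicts_future(seed: bytes = b"constructed seed") -> bool:
    """Backward security: a clone built from a leaked state reproduces all later outputs."""
    victim = RatchetPRNG(seed)
    for _ in range(3):
        victim.next_output()
    clone = RatchetPRNG(b"irrelevant")
    clone.state = victim.state  # the leaked internal state
    future = [victim.next_output() for _ in range(4)]
    return future == [clone.next_output() for _ in range(4)]


def reseed_breaks_prediction(seed: bytes = b"constructed seed") -> bool:
    """After reseeding with entropy the clone does not have, outputs diverge."""
    victim = RatchetPRNG(seed)
    clone = RatchetPRNG(b"irrelevant")
    clone.state = victim.state
    victim.reseed(b"fresh entropy unknown to the clone")
    return victim.next_output() != clone.next_output()


if __name__ == "__main__":
    print("invertible design walks backwards:", invertible_state_walks_backwards())
    print("leaked ratchet state predicts future:", leaked_state_predicts_future())
    print("reseeding stops prediction:", reseed_breaks_prediction())
```

The ratchet's forward security rests on SHA-256 preimage resistance, so it cannot be demonstrated by running code the way the reversible design's weakness can; what the example does show is that the one-way update costs nothing extra per call, which is the sense in which the abstract says preventing the attack is well known.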
---------------------------------------------------------------------- For information about J forums see http://www.jsoftware.com/forums.htm
