Quoting from a discussion of threat posed by software virtualization as found in Symantec's ISTR:xi, released today:
The second type of threat that Symantec believes could emerge is related to the impact that softwarevirtualized computers may have on random number generators that are used inside guest operating systems on virtual machines. This speculation is based on some initial work done by Symantec Advanced Threat Research in a paper on GS and ASLR in Windows Vista. This research showed that the method used to generate the random locations employed in some security technologies would, under certain circumstances, differ wildly in a software-virtualized instance of the operating system. If this proves to be true, it could have considerable implications for a number of different technologies that rely on good randomness, such as unique identifiers, as well as the seeds used in encryption.
--dan --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
