Folks, does anyone know why predictable process IDs are considered harmful?
Thanks for all the responses. I was analysing the randomness of the Windows random number generator - CryptGenRandom() [seems to display a high degree of entropy], and I thought I'd look at the randomness of Windows PID generation at the same time.
I'm sure there are apps out there that attempt to do crypto while seeding their PRNG with a predictable value like the PID. I was just wondering what other attack vectors exist for predictable PIDs.
Cheers, Brett
-- Brett Hutley [MAppFin,CISSP,SANS GCIH] mailto:[EMAIL PROTECTED] http://hutley.net/brett
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
