The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[UNIX] Holes in the Linux Random Number Generator


<< Previous INDEX Search src / Print Next >>
From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 11 May 2006 16:45:43 +0200
Subject: [UNIX] Holes in the Linux Random Number Generator
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20060511141953.2CE1E57EC@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html 

- - - - - - - - -




  Holes in the Linux Random Number Generator
------------------------------------------------------------------------


SUMMARY

This new paper which is about to appear later this month (May, 2006) on 
the IEEE security and privacy conference describes holes in Linux's random 
number generator, as well as a clear description of the Linux /dev/random.

DETAILS

The Linux random number generator is part of the kernel of all Linux 
distributions and is based on generating randomness from entropy of 
operating system events. The output of this generator is used for almost 
every security protocol, including TLS/SSL key generation, choosing TCP 
sequence numbers, and file system and email encryption.
Although the generator is part of an open source project, its source code 
(about $2500$ lines of code) is poorly documented, and patched with 
hundreds of code patches.

We used dynamic and static reverse engineering to learn the operation of 
this generator.  
<http://www.gutterman.net/publications/GuttermanPinkasReinman2006.pdf>; 
This paper presents a description of the underlying algorithms and exposes 
several security vulnerabilities. In particular, we show an attack on the 
forward security of the generator which enables an adversary who exposes 
the state of the generator to compute previous states and outputs. In 
addition we present a few cryptographic flaws in the design of the 
generator, as well as measurements of the actual entropy collected by it, 
and a critical analysis of the use of the generator in Linux distributions 
on disk-less devices.

Our main results are:
1. Clear description of the Linux /dev/random (Which was far from trivial 
and very complex).

2. Attack on /dev/random forward security (which is mostly theoretic at 
the moment because it requires break-in to the computer but is very simple 
to mount and break an important block in almost any crypt algorithm).

3. Concerning findings about the Linux software engineering process 
regarding security.

Vendor Status:
The Linux moderator of /dev/random did not answer our attempts at 
contacting him.


ADDITIONAL INFORMATION

This is a joint work of Zvi Gutterman, Benny Pinkas and Tzachy Reinman to 
appear in IEEE S&P (Oakland Conference), May 2006.
The paper can be downloaded from:  
<http://www.gutterman.net/publications/GuttermanPinkasReinman2006.pdf>; 
http://www.gutterman.net/publications/GuttermanPinkasReinman2006.pdf




This bulletin is sent to members of the SecuriTeam mailing list. To unsubscribe from the list, send mail with an empty subject line and body to: [email protected] In order to subscribe to the mailing list, simply forward this email to: [email protected]

DISCLAIMER: The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру