Random Number Generator Attack - Prominent Examples of Random Number Generator Security Issues

Prominent Examples of Random Number Generator Security Issues

Early versions of Netscape's Secure Sockets Layer (SSL) protocol used pseudo-random quantities derived from a PRNG seeded with three values: the time of day, the process ID, and the parent process ID. These values are relatively predictable, so the seed had little entropy and the output was far from random; that version of SSL was insecure as a result. The problem was reported to Netscape in 1994 by Phillip Hallam-Baker, then a researcher in the CERN Web team, but was not fixed prior to release. The problem in the running code was discovered in 1995 by Ian Goldberg and David Wagner, who had to reverse engineer the object code because Netscape refused to reveal the details of its random number generation (security through obscurity). That RNG was fixed in later releases (version 2 and higher) by more robust seeding, i.e., seed material that is less predictable and therefore has higher entropy from an attacker's perspective.

Microsoft uses an unpublished algorithm to generate random values for its Windows operating system. These random quantities are made available to users via the CryptGenRandom function. In November 2007, Leo Dorrendorf et al. from the Hebrew University of Jerusalem and the University of Haifa published a paper titled "Cryptanalysis of the Random Number Generator of the Windows Operating System". The paper presented serious weaknesses in Microsoft's approach. The paper's conclusions were based on disassembly of the code in Windows 2000, but according to Microsoft they apply to XP as well.

The U.S. National Institute of Standards and Technology has published a collection of "deterministic random bit generators" it recommends as NIST Special Publication 800-90. One of the generators, Dual_EC_DRBG, was favored by the National Security Agency. Dual_EC_DRBG uses elliptic curve technology and includes a set of recommended constants. In August 2007, Dan Shumow and Niels Ferguson of Microsoft showed that the constants could be constructed in such a way as to create a secret backdoor to the algorithm.

In May 2008, security researcher Luciano Bello revealed his discovery that changes made in 2006 to the random number generator in the version of the openssl package distributed with Debian GNU/Linux and other Debian-based distributions, such as Ubuntu, dramatically reduced the entropy of generated values and made a variety of security keys vulnerable to attack. The security weakness was caused by changes made to the openssl code by a Debian developer in response to compiler warnings about apparently redundant code. Key types affected include SSH keys, OpenVPN keys, DNSSEC keys, key material for use in X.509 certificates, and session keys used in SSL/TLS connections. Keys generated with GnuPG or GnuTLS are not affected, as these programs use different methods to generate random numbers. Non-Debian-based Linux distributions are also unaffected. This security vulnerability was promptly patched after it was reported.
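The Netscape and Debian cases above are two forms of the same failure: the generator itself may be sound, but the number of distinct seeds that can ever reach it is small, so the number of distinct keys it can produce is small. The following added illustration (not code from Netscape or from Debian's OpenSSL) makes that countable. Python's random.Random stands in for whichever generator is being seeded, SHA-256 stands in for the pool hash, the seed layouts are assumptions, and the value ranges are chosen for the example. For the Debian case it models the widely reported effect of the change, namely that after the pool update feeding the caller's buffer was removed, only the process ID still reached the pool.

```python
"""Counting how many distinct outputs a PRNG can produce when its seed space
is small.  Added illustration, not Netscape's or Debian OpenSSL's code: the
seed layouts, stand-in hash and ranges below are all assumptions."""
import hashlib
import itertools
import math
import random


def pool_update(state: bytes, material: bytes) -> bytes:
    """Hash fresh material into the entropy pool (toy stand-in for the real pool update)."""
    return hashlib.sha256(state + material).digest()


def netscape_style_seed(seconds_of_day: int, pid: int, ppid: int) -> bytes:
    """Seed built only from time of day, pid and parent pid (assumed layout)."""
    state = b"\x00" * 32
    for field in (seconds_of_day, pid, ppid):
        state = pool_update(state, field.to_bytes(4, "big"))
    return state


def debian_style_seed(buffer: bytes, pid: int, buffer_mixing: bool) -> bytes:
    """Model of the Debian change: with buffer_mixing=False the update that fed
    the caller's buffer into the pool is gone and only the pid is mixed in."""
    state = b"\x00" * 32
    if buffer_mixing:
        state = pool_update(state, buffer)
    return pool_update(state, pid.to_bytes(4, "big"))


def first_output(seed: bytes) -> int:
    """First 128-bit value the stand-in generator yields from a given seed."""
    return random.Random(seed).getrandbits(128)


def max_seed_entropy_bits(*value_counts: int) -> float:
    """Upper bound on seed entropy: log2 of the number of distinct seed inputs.
    The bound is reached only if every combination is equally likely, which an
    attacker who can guess the time or pid range makes far from true."""
    return math.log2(math.prod(value_counts))


def distinct_netscape_outputs(seconds: range, pids: range, ppids: range) -> int:
    """Distinct first outputs over an enumerated (small) Netscape-style seed space."""
    return len({first_output(netscape_style_seed(s, p, q))
                for s, p, q in itertools.product(seconds, pids, ppids)})


def distinct_debian_outputs(pids: range, buffers: list, buffer_mixing: bool) -> int:
    """Distinct first outputs when each pid is combined with each buffer content.
    Without buffer mixing the count collapses to the number of pids."""
    return len({first_output(debian_style_seed(b, p, buffer_mixing))
                for p in pids for b in buffers})


if __name__ == "__main__":
    # Assumed ranges: 86400 seconds in a day, 15-bit pid and parent pid.
    bits = max_seed_entropy_bits(86400, 2 ** 15, 2 ** 15)
    print(f"Netscape-style seed entropy is at most {bits:.1f} bits")
    # Constructed buffer contents standing in for whatever memory the caller passed.
    buffers = [bytes([i]) * 8 for i in range(10)]
    print("with buffer mixing:", distinct_debian_outputs(range(3), buffers, True))
    print("pid only:", distinct_debian_outputs(range(3), buffers, False))
```

The two counts are the whole story: the generator's output width (128 bits here) says nothing about how many distinct keys it can emit, and a 15-bit pid range is small enough to enumerate. A reviewer asked to judge a seeding change can apply the same test, counting distinct outputs across the plausible inputs rather than inspecting the output for statistical randomness.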

In December 2010, a group calling itself fail0verflow announced recovery of the ECDSA private key used by Sony to sign software for the PlayStation 3 game console. The attack was made possible because Sony failed to generate a new random nonce for each signature.
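Two defensive measures follow from the PlayStation 3 case: detect the symptom, and remove the dependence on a random nonce altogether. In ECDSA the r component of a signature is determined by the nonce k alone (it is the x-coordinate of k*G), so two signatures under the same key that share an r value share a nonce. The added example below (not fail0verflow's or Sony's code) scans a batch of constructed signatures for that condition, and derives k deterministically from the private key and message hash with HMAC-SHA256 in the style of RFC 6979's HMAC_DRBG construction. It is a simplified rendering of that construction, not a verified implementation of the RFC, and the group order q used in the test is a stand-in prime rather than a real curve's order.

```python
"""Detecting repeated ECDSA nonces and deriving nonces deterministically.
Added illustration, not code from fail0verflow or Sony; the sample signatures
are constructed and the HMAC-based derivation is RFC 6979-style, not a
verified implementation of the RFC."""
import hashlib
import hmac
from collections import defaultdict


def find_reused_nonces(signatures):
    """signatures: iterable of (key_id, r, s, msg_hash).
    Returns {key_id: {r: [indices]}} for every r that appears more than once
    under the same signing key.  Equal r under one key means equal nonce k,
    which is the condition that exposed the PS3 signing key."""
    seen = defaultdict(lambda: defaultdict(list))
    for idx, (key_id, r, _s, _h) in enumerate(signatures):
        seen[key_id][r].append(idx)
    reused = {}
    for key_id, by_r in seen.items():
        dups = {r: idxs for r, idxs in by_r.items() if len(idxs) > 1}
        if dups:
            reused[key_id] = dups
    return reused


def deterministic_nonce(priv_key: int, msg_hash: bytes, q: int) -> int:
    """Derive k in [1, q-1] from the private key and message hash using an
    HMAC-SHA256 DRBG (RFC 6979-style, simplified).  The same message always
    yields the same k, distinct messages yield distinct k with overwhelming
    probability, and k cannot be predicted without the private key."""
    qlen = (q.bit_length() + 7) // 8
    x = priv_key.to_bytes(qlen, "big")
    v = b"\x01" * 32
    k = b"\x00" * 32
    k = hmac.new(k, v + b"\x00" + x + msg_hash, hashlib.sha256).digest()
    v = hmac.new(k, v, hashlib.sha256).digest()
    k = hmac.new(k, v + b"\x01" + x + msg_hash, hashlib.sha256).digest()
    v = hmac.new(k, v, hashlib.sha256).digest()
    while True:
        t = b""
        while len(t) < qlen:
            v = hmac.new(k, v, hashlib.sha256).digest()
            t += v
        # Take the leftmost q.bit_length() bits of t as the candidate.
        candidate = int.from_bytes(t[:qlen], "big") >> (8 * qlen - q.bit_length())
        if 1 <= candidate < q:
            return candidate
        # Candidate out of range: update the DRBG state and try again.
        k = hmac.new(k, v + b"\x00", hashlib.sha256).digest()
        v = hmac.new(k, v, hashlib.sha256).digest()


# Constructed sample batch: key_id, r, s, message hash.  The two 'console-fw'
# entries share r, which is the signal a monitoring job should raise on.
SAMPLE_SIGNATURES = [
    ("console-fw", 0x1A2B3C, 0x111, hashlib.sha256(b"package-1").digest()),
    ("console-fw", 0x7D8E9F, 0x222, hashlib.sha256(b"package-2").digest()),
    ("console-fw", 0x1A2B3C, 0x333, hashlib.sha256(b"package-3").digest()),
    ("other-key", 0x1A2B3C, 0x444, hashlib.sha256(b"package-4").digest()),
]

STAND_IN_ORDER = 2 ** 127 - 1  # a prime used as a stand-in group order


if __name__ == "__main__":
    print("reused nonces:", find_reused_nonces(SAMPLE_SIGNATURES))
    k1 = deterministic_nonce(12345, hashlib.sha256(b"package-1").digest(), STAND_IN_ORDER)
    k2 = deterministic_nonce(12345, hashlib.sha256(b"package-2").digest(), STAND_IN_ORDER)
    print("nonces differ across messages:", k1 != k2)
```

The scan is cheap enough to run over every signature a signing service emits, and it needs only public data (r values and which key produced them). The deterministic derivation addresses the root cause: once k is a function of the key and the message, a broken or absent random source cannot cause two different messages to share a nonce, and signing the same message twice simply reproduces the same signature.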
