Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Random number generator attack
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Microsoft Windows 2000/XP random number generator=== Microsoft used an unpublished algorithm to generate random values in older versions of its [[Microsoft Windows|Windows operating system]]. These random quantities are made available to users via the [[CryptGenRandom]] utility. In November 2007, Leo Dorrendorf et al. from the [[Hebrew University of Jerusalem]] and [[University of Haifa]] published a paper titled ''Cryptanalysis of the Random Number Generator of the Windows Operating System''.<ref> {{cite journal |last=Dorrendorf |first=Leo |author2=Gutterman, Zvi |author3=Pinkas, Benny |title=Cryptanalysis of the random number generator of the Windows operating system |journal=ACM Transactions on Information and System Security |date=1 October 2009 |volume=13 |issue=1 |pages=1β32 |doi=10.1145/1609956.1609966 |s2cid=14108026 |url=http://eprint.iacr.org/2007/419.pdf}} </ref> The paper presented serious weaknesses in Microsoft's approach at the time. The paper's conclusions were based on [[disassembly]] of the code in Windows 2000, but according to Microsoft applied to Windows XP as well.<ref name=Keizer2007> {{cite web |last=Keizer |first=Gregg |title=Microsoft confirms that XP contains random number generator bug |date=November 21, 2007 |url=http://www.computerworld.com/s/article/9048438/Microsoft_confirms_that_XP_contains_random_number_generator_bug |work=[[Computerworld]]}} </ref> Microsoft has stated that the problems described in the paper have been addressed in subsequent releases of Windows, which use a different RNG implementation.<ref name=Keizer2007/>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)