[Botan-devel] Windows RNG vulnerability

Jack Lloyd lloyd at randombit.net
Mon Nov 12 16:39:23 EST 2007


Someone has recently published a paper on IACR's eprint service
(http://eprint.iacr.org/2007/419) documenting some rather serious
vulnerabilities in the Windows 2000 implementation of CryptGenRandom.
This function is one of the two (built-in) methods by which Botan gets
seed information for the PRNG on Windows systems. It is unknown at
this time if earlier/later versions are similarly vulnerable.

Hopefully, using both es_capi (CryptGenRandom) and es_win32 (gathering
process snapshot data) together will provide sufficient entropy that
trivial attacks like the one described in the paper are not possible,
and anyone using Botan on Windows should make sure that both modules
are enabled.

Suggestions for other reasonable sources of entropy on Windows are
certainly welcome. Patches would be even more welcome.

-Jack