Old 11-28-2007, 15:16 PM   #1 (permalink)
Dwarven Pirate
Contributor
 
Join Date: 08-20-07
Posts: 325
OOPS? (cryptography)

Schneier on Security: The Strange Story of Dual_EC_DRBG

Backdoor in NSA encryption standard.
Old 11-28-2007, 18:43 PM   #2 (permalink)
Ryan Bailey
Military Professional
 
 
Join Date: 09-25-07
Location: Megalopolis, US
Posts: 140
From Greg Alexander:
"...More details.... The previous post was about the "Analysis of the Linux Random Number Generator." I decided to read "Cryptanalysis of the Random Number Generator of the Windows Operating System" from Dorrendorf/Gutterman/Pinkas, for contrast. I find it odd that the flaws in the Windows generator are described as "a flaw" while the FUD about the Linux generator is described as "flaws". Let me compare and contrast:

* Entropy:
  + Linux: maybe predictable, if the moon lines up just right and you squint
  + Windows: only used every 128kB, not used for seed, and therefore mostly irrelevant
* forward-security attack:
  + Linux: possible to go back one value if there is no intervening entropy and if you have full access to kernel, O(2^64) or harder
  + Windows: possible to go back up to 128kB values with just access to user memory, O(2^23)
* backward-security attack:
  + Linux: O(1) iff there are *no* entropy events occurring whatsoever
  + Windows: O(1) for 128kB no matter what

The vulnerabilities are not even in the same realm. The Windows vulnerabilities are the sort of things that can and will be exploited in The Real World we all Know And Love. The Linux vulnerabilities are grasping at straws."

Friends, is he not correct that the work shows prejudice?
__________________
"If we will not be governed by God then we will be ruled by tyrants" -William Penn