Mobile, TDR

Israeli researchers decipher Windows 2000 random number generator

November 14, 2007
A team of university researchers have disclosed a flaw in Windows 2000's random number generator (RNG). Microsoft has downplayed the vulnerability, saying it could only be exploited by a user of the victimized computer.

The flaw, disclosed last week by researchers from the University of Haifa, Israel, allows an individual to decipher the operating system's RNG, meaning a malicious user could use random encryption keys to track emails, passwords and credit card numbers typed on a computer running Windows 2000.

The group, led by researcher Benny Pinkas, notified Microsoft of the flaw and urged a remedy to the problem.

Pinkas told SCMagazineUS.com today that an attack exploiting the flaw “requires some level of sophistication, but is not too hard,” because an attacker must eavesdrop on an encrypted communication channels, matching messages and the computer from which they originated.

“First the attacker must learn the current state of the RNG, a task that can be done remotely using a buffer overflow or a similar flaw, or by having physical access to the attacked machine. Then the attacker can use the algorithms described in our paper to compute previous and future outputs of the generator. In addition, the attacker needs to obtain the encrypted content it wants to decrypt -- say, by eavesdropping on the communication coming in and out of the machine,” he said. “The most notable feature of our attack is that it can compute keys that were used in the past, before the attacks accessed the machine. I don't know of any other attack that can do that.”

Mark Miller, director of security response for Microsoft, said in a statement today that the company is aware of an encryption vulnerability in CryptGenRandom(), but the flaw can not be exploited from a remote location.

“Our investigation has shown that this is a local information disclosure vulnerability and has no possibility of code execution and cannot be accessed remotely,” he said. “Also, the attack requires physical access to the system as well as the attacker having to be logged on to the computer.”

prestitial ad