TY - GEN
T1 - Analysis of the linux random number generator
AU - Gutterman, Zvi
AU - Pinkas, Benny
AU - Reinman, Tzachy
PY - 2006
Y1 - 2006
N2 - Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches. We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on diskless devices.
AB - Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches. We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on diskless devices.
UR - http://www.scopus.com/inward/record.url?scp=33751027155&partnerID=8YFLogxK
U2 - 10.1109/SP.2006.5
DO - 10.1109/SP.2006.5
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:33751027155
SN - 0769525741
SN - 9780769525747
T3 - Proceedings - IEEE Symposium on Security and Privacy
SP - 371
EP - 385
BT - Proceedings - 2006 IEEE Symposium on Security and Privacy, S+P 2006
T2 - 2006 IEEE Symposium on Security and Privacy, S and P 2006
Y2 - 21 May 2006 through 24 May 2006
ER -