# Analysis of the Linux random number generator

@article{Gutterman2006AnalysisOT, title={Analysis of the Linux random number generator}, author={Zvi Gutterman and Benny Pinkas and Tzachy Reinman}, journal={2006 IEEE Symposium on Security and Privacy (S\&P'06)}, year={2006}, pages={15 pp.-385} }

Linux is the most popular open source project. [... ] Key Method We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the… Expand

## Figures and Tables from this paper

## 216 Citations

Cryptanalysis of the windows random number generator

- Computer Science, MathematicsCCS '07
- 2007

The pseudo-random number generator used by the Windows operating system is reconstructed, for the first time, and a on-trivial attack is found: given the internal state of the generator, the previous state can be computed in O(223) work, which can then be used to predict all random values used by a process in all its past and future operation.

The Linux Pseudorandom Number Generator Revisited

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2012

The PRNG architecture in the Linux system is detailed and its first accurate mathematical description and a precise analysis of the building blocks are provided, including entropy estimation and extraction, which gives the feasibility of cryptographic attacks and an empirical test of the entropy estimator.

Cryptanalysis of the random number generator of the Windows operating system

- Computer ScienceTSEC
- 2009

The PseudoRandom Number Generator used by the Windows operating system is the most commonly used PRNG and the security of the algorithm is analyzed and a nontrivial attack is found, which can be used to predict all random values used by a process in all its past and future operations.

Entropy transfers in the Linux Random Number Generator

- Computer Science
- 2012

The results show that the main source of randomness in the system is the behavior of the hard drive, and that most random numbers produced by the generator are actually consumed by the kernel itself.

Recoverable Random Numbers in an Internet of Things Operating System

- Computer ScienceEntropy
- 2017

This work analyzes the behavior of the random number generator in Brillo, which inherits that of LRNG, and demonstrates that random numbers of 700 bytes at boot time can be recovered with the success probability of 90% by using time complexity.

The OpenWRT's Random Number Generator Designed Like /dev/urandom and Its Vulnerability

- Computer ScienceCSA/CUTE
- 2016

The WPA/WPA2 authentication protocol and its random number generator is analyzed and some potential cryptographic weaknesses and vulnerabilities of the OpenWRTrandom number generator are pointed out.

ANALYSIS OF ANDROID RANDOM NUMBER GENERATOR

- Computer Science
- 2013

It is found that security of random number generation done by Android relies on the security ofRandom number generation of Linux and this process should be analyzed deeply and cryptographically for different operating systems.

Analysis of the Random Number Generator Using MD5 PRNG in Linux Kernel

- Computer Science, Mathematics
- 2017

This paper demonstrates MD5 PRNG is vulnerable against a generic attack by searching entropy source in some embedded systems, and suggests aGeneric attack which the attacker just guesses entropy source at most 2 times.

Safe cryptographic random number generation using untrusted generators

- Computer Science, Mathematics2014 IEEE International Conference on Communications (ICC)
- 2014

This paper proposes a simple method to obtain a secure TRNG based on n TRNGs originating from (potentially) untrusted vendors, and reviews several choices of functions to be used as combiner.

Design of a pseudo-chaotic number generator as a random number generator

- Computer Science, Mathematics2016 International Conference on Communications (COMM)
- 2016

This paper proposes a new pseudo-chaotic number generator (PCNG) that produces random numbers that is refreshed many times by using entropy source from Linux kernel and results of statistical properties and software security analysis exhibit good performance demonstrating that the proposed generator can be used confidently to produce random numbers.

## References

SHOWING 1-10 OF 27 REFERENCES

Software Generation of Practically Strong Random Numbers

- Computer Science, MathematicsUSENIX Security Symposium
- 1998

The performance of the generator on a variety of systems is analysed, and measures which can make recovery of the accumulator/generator state information more difficult for an attacker are presented.

Can We Trust Cryptographic Software? Cryptographic Flaws in GNU Privacy Guard v1.2.3

- Computer Science, MathematicsEUROCRYPT
- 2004

This paper analyzes parts of the source code of the latest version of GNU Privacy Guard (GnuPG or GPG), a free open source alternative to the famous PGP software, compliant with the OpenPGP standard, and included in most GNU/Linux distributions such as Debian, MandrakeSoft, Red Hat and SuSE.

Extracting Randomness from External Interrupts

- Computer Science
- 2003

The method was originally designed for servers based on the PA RISC and IA-64 architectures and has already successfully been used to create random bit sources in those platforms, and is general enough so that it could be deployed on a much wider spectrum of computer system architectures.

An Architecture for Robust Pseudo-Random Generation and Applications to /dev/random

- Computer ScienceCCS 2005
- 2005

A formal model and a simple architecture for robust pseudorandom generation that ensures resilience in the face of an observer with partial knowledge (or even partial control) of the generator’s entropy source and advocates the separation of the entropy extraction phase from the output generation phase is presented.

An Implementation of the Yarrow PRNG for FreeBSD

- Computer ScienceBSDCon
- 2002

This work presents an implementation of an improved algorithm for providing statistically random numbers, at the same time cryptographically protecting their sequence and state, as the entropy device (/dev/random) in FreeBSD's kernel.

A model and architecture for pseudo-random generation with applications to /dev/random

- Computer Science, MathematicsCCS '05
- 2005

A formal model and a simple architecture for robust pseudorandom generation that ensures resilience in the face of an observer with partial knowledge/control of the generator's entropy source and argues that the former is information-theoretic in nature, and could therefore rely on combinatorial and statistical tools rather than on cryptography.

Cryptography in OpenBSD: An Overview

- Computer Science, MathematicsUSENIX Annual Technical Conference, FREENIX Track
- 1999

An overview of the cryptography employed in OpenBSD is given, including the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).

Cryptanalytic Attacks on Pseudorandom Number Generators

- Computer Science, MathematicsFSE
- 1998

It is argued that PRNGs are their own unique type of cryptographic primitive, and should be analyzed as such, and a model forPRNGs is proposed, and possible attacks against this model are discussed.

Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator

- Computer Science, MathematicsSelected Areas in Cryptography
- 1999

The design of Yarrow is described, a family of cryptographic pseudo-random number generators (PRNG) that makes use of available technology today and the ways that PRNGs can fail in practice are discussed.

Advanced Encryption Standard

- Computer Science, Mathematics
- 2007

The Advanced Encryption Standard (AES), which implements the Rijndael cipher, is a symmetric block cipher that was developed as a result of a call by the United States National Institute of Standards…