# Cryptanalysis of the random number generator of the Windows operating system

```bibtex
@article{Dorrendorf2009CryptanalysisOT,
  title   = {Cryptanalysis of the random number generator of the Windows operating system},
  author  = {Leo Dorrendorf and Zvi Gutterman and Benny Pinkas},
  journal = {ACM Trans. Inf. Syst. Secur.},
  year    = {2009},
  volume  = {13},
  pages   = {10:1-10:32}
}
```

The pseudorandom number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudorandomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published.
We examined the binary code of a distribution of Windows 2000. This investigation was done without any help from Microsoft. We reconstructed the algorithm used by the pseudorandom number generator (namely…


## 101 Citations

The Linux Pseudorandom Number Generator Revisited

- Computer Science, Mathematics; IACR Cryptol. ePrint Arch.
- 2012

The PRNG architecture in the Linux system is detailed and its first accurate mathematical description and a precise analysis of the building blocks are provided, including entropy estimation and extraction, which gives the feasibility of cryptographic attacks and an empirical test of the entropy estimator.

Safe cryptographic random number generation using untrusted generators

- Computer Science, Mathematics; 2014 IEEE International Conference on Communications (ICC)
- 2014

This paper proposes a simple method to obtain a secure TRNG based on n TRNGs originating from (potentially) untrusted vendors, and reviews several choices of functions to be used as combiner.

Characterization of Real-Life PRNGs under Partial State Corruption

- Computer Science, Mathematics; CCS
- 2014

This work formalizes a framework based on the most recent and strongest security model, called robustness of PRNGs, to analyze these PRNGs and their implementations; it captures the notion of how much of the internal state must be corrupted in order to generate a predictable output.

Investigation of Strength and Security of Pseudo Random Number Generators

- Computer Science
- 2021

This research work extensively surveys large set of state-of-the-art PRNGs and categorizes them based on methodology used to produce them, and quantitatively analyses them for their key space, key sensitivity, entropy, speed of bit generation, linear complexity.

ANALYSIS OF ANDROID RANDOM NUMBER GENERATOR

- Computer Science
- 2013

It is found that the security of random number generation on Android relies on the security of random number generation in Linux, and that this process should be analyzed deeply and cryptographically for different operating systems.

Practical State Recovery Attacks against Legacy RNG Implementations

- Computer Science; CCS
- 2018

A systematic study of publicly available FIPS 140-2 certifications for hundreds of products that implemented the ANSI X9.17/X9.31 random number generator found twelve whose certification documents the use of static, hard-coded keys in source code, leaving the implementation vulnerable to an attacker who can learn this key from the source code or binary.

Convolution Neural Network-Based Sensitive Security Parameter Identification and Analysis

- Computer Science, Mathematics; Wireless Communications and Mobile Computing
- 2022

Attack scenarios are established in which, once a cryptographic random number module is obtained, its random numbers can be analyzed by identifying the data used in the model learned in this study.

Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis

- Computer Science, Mathematics; Journal in Computer Virology
- 2008

Classic methods used in network supervision, forensics and sociology for studying social networks yield pertinent information, for example sociograms that reveal the key members of an organization or determine the type of organization.

New Entropy Source for Cryptographic Modules Using OpenMP in Multicore CPUs

- Computer Science, Mathematics
- 2013

This paper suggests a method for generating an entropy source from parallel computations with OpenMP, verifies the experimental results with min-entropy estimation, and concludes that a new source of randomness can be obtained from race conditions in multicore environments.

A Systematic Analysis of the Juniper Dual EC Incident

- Computer Science; IACR Cryptol. ePrint Arch.
- 2016

It is found that, contrary to Juniper's public statements, the ScreenOS VPN implementation has been vulnerable since 2008 to passive exploitation by an attacker who selects the Dual EC curve point.

## References (showing 1-10 of 42)

Analysis of the Linux random number generator

- Computer Science; 2006 IEEE Symposium on Security and Privacy (S&P'06)
- 2006

A description of the underlying algorithms is presented, several security vulnerabilities of the Linux random number generator are exposed, and an attack on the forward security of the generator is shown which enables an adversary who exposes the state of the generator to compute previous states and outputs.
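Two of the failure modes summarized on this page, a generator whose block-cipher key is known to the attacker (the X9.31 state-recovery study listed under Citations) and a generator whose state can be rewound to earlier outputs (the forward-security attack on the Linux generator above), can both be shown on a single generator. The Go program below is an added example, not code from any of the cited papers: it implements ANSI X9.31 with AES-128 as the standard defines it, then plays the attacker who has pulled the static key from a binary. The key and seed are constructed test values, and the date/time block DT is modelled as a counter that advances by one per call (`CounterDT`), my stand-in for the coarse timestamp a deployed implementation would use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Block is one 128-bit AES block.
type Block [16]byte

func xor(a, b Block) (out Block) {
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func enc(c cipher.Block, in Block) (out Block) {
	c.Encrypt(out[:], in[:])
	return out
}

func dec(c cipher.Block, in Block) (out Block) {
	c.Decrypt(out[:], in[:])
	return out
}

// X931 is ANSI X9.31 Appendix A.2.4 with AES-128. One step with date/time block DT:
//   I = E_K(DT);  R = E_K(I ^ V) is the output;  V' = E_K(R ^ I) is the next state.
// K never changes, which is why a hard-coded K hands the attacker everything below.
type X931 struct {
	c cipher.Block
	V Block // secret state
}

// Next emits one output block for dt and advances the state.
func (g *X931) Next(dt Block) Block {
	I := enc(g.c, dt)
	R := enc(g.c, xor(I, g.V))
	g.V = enc(g.c, xor(R, I))
	return R
}

// CounterDT builds DT from a counter. Assumption (mine, not the standard's): DT
// advances by one per call, standing in for the coarse timestamp a deployment uses.
func CounterDT(n uint64) (dt Block) {
	binary.BigEndian.PutUint64(dt[8:], n)
	return dt
}

// RecoverState: the attacker has K, one observed output R and its DT.
// Returns the state before and after that step.
func RecoverState(c cipher.Block, dt, R Block) (vBefore, vAfter Block) {
	I := enc(c, dt)
	vBefore = xor(dec(c, R), I) // D_K(R) = I ^ V
	vAfter = enc(c, xor(R, I))
	return vBefore, vAfter
}

// FindDT: DT is known only roughly. Each counter in [lo, hi] is tried and accepted
// when the recovered state reproduces the next observed output r2.
// Returns the matching counter and the state after r2.
func FindDT(c cipher.Block, r1, r2 Block, lo, hi uint64) (uint64, Block, bool) {
	for n := lo; n <= hi; n++ {
		_, v := RecoverState(c, CounterDT(n), r1)
		g := &X931{c: c, V: v}
		if g.Next(CounterDT(n+1)) == r2 {
			return n, g.V, true
		}
	}
	return 0, Block{}, false
}

// Rewind breaks forward security: from the state after a step (plus K and DT) it
// recovers that step's output and the state before it. A one-way state update
// (a hash ratchet) instead of a keyed permutation is what prevents this.
func Rewind(c cipher.Block, dt, vAfter Block) (R, vBefore Block) {
	I := enc(c, dt)
	R = xor(dec(c, vAfter), I)  // D_K(V') = R ^ I
	vBefore = xor(dec(c, R), I) // D_K(R) = I ^ V
	return R, vBefore
}

func main() {
	key := []byte("hard-coded-key!!") // constructed stand-in for the static key
	c, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	victim := &X931{c: c, V: Block{0xde, 0xad, 0xbe, 0xef, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12}}
	r1 := victim.Next(CounterDT(1000))
	r2 := victim.Next(CounterDT(1001))
	r3 := victim.Next(CounterDT(1002))
	n, state, ok := FindDT(c, r1, r2, 900, 1100) // attacker knows DT only to within a window
	attacker := &X931{c: c, V: state}
	fmt.Printf("DT found=%v at counter %d; predicted r3 correctly=%v\n", ok, n, attacker.Next(CounterDT(n+2)) == r3)
	got, _ := Rewind(c, CounterDT(1002), victim.V) // victim's state leaked after r3
	fmt.Printf("recovered r3 from leaked state=%v\n", got == r3)
}
```

With the key known, one output block plus its DT gives the whole state, an uncertain DT costs only a search over the plausible window, and a leaked state can be run backwards step by step through `Rewind` because every state transition is an invertible keyed permutation. That last point is the forward-security failure: the fix is a state update the attacker cannot invert even with every constant in the binary, which is what the entropy-extraction/output-generation separation advocated in the robust-PRNG papers below provides.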

Software Generation of Practically Strong Random Numbers

- Computer Science, Mathematics; USENIX Security Symposium
- 1998

The performance of the generator on a variety of systems is analysed, and measures which can make recovery of the accumulator/generator state information more difficult for an attacker are presented.

Cryptanalytic Attacks on Pseudorandom Number Generators

- Computer Science, Mathematics; FSE
- 1998

It is argued that PRNGs are their own unique type of cryptographic primitive and should be analyzed as such; a model for PRNGs is proposed, and possible attacks against this model are discussed.

An Implementation of the Yarrow PRNG for FreeBSD

- Computer Science; BSDCon
- 2002

This work presents an implementation of an improved algorithm for providing statistically random numbers, at the same time cryptographically protecting their sequence and state, as the entropy device (/dev/random) in FreeBSD's kernel.

Cryptography in OpenBSD: An Overview

- Computer Science, Mathematics; USENIX Annual Technical Conference, FREENIX Track
- 1999

An overview of the cryptography employed in OpenBSD is given, including the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network).

Weaknesses in the Key Scheduling Algorithm of RC4

- Computer Science, Mathematics; Selected Areas in Cryptography
- 2001

It is shown that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard), in which a fixed secret key is concatenated with known IV modifiers in order to encrypt different messages.

An Architecture for Robust Pseudo-Random Generation and Applications to /dev/random

- Computer Science; CCS 2005
- 2005

A formal model and a simple architecture for robust pseudorandom generation are presented, ensuring resilience in the face of an observer with partial knowledge (or even partial control) of the generator's entropy source, and the separation of the entropy extraction phase from the output generation phase is advocated.

Yarrow-160: Notes on the Design and Analysis of the Yarrow Cryptographic Pseudorandom Number Generator

- Computer Science, Mathematics; Selected Areas in Cryptography
- 1999

The design of Yarrow is described, a family of cryptographic pseudo-random number generators (PRNG) that makes use of available technology today and the ways that PRNGs can fail in practice are discussed.

A model and architecture for pseudo-random generation with applications to /dev/random

- Computer Science, Mathematics; CCS '05
- 2005

A formal model and a simple architecture for robust pseudorandom generation are presented, ensuring resilience in the face of an observer with partial knowledge or control of the generator's entropy source; it is argued that the extraction phase is information-theoretic in nature and could therefore rely on combinatorial and statistical tools rather than on cryptography.

Extracting Randomness from External Interrupts

- Computer Science
- 2003

The method was originally designed for servers based on the PA RISC and IA-64 architectures and has already successfully been used to create random bit sources in those platforms, and is general enough so that it could be deployed on a much wider spectrum of computer system architectures.