November 22, 2007

Microsoft officials confirmed late Tuesday that Windows XP contains a significant random number generator bug.

According to Computerworld:
"The researchers, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, reverse-engineered the algorithm used by Windows 2000's pseudo-random number generator (PRNG), then used that knowledge to pick apart the operating system's encryption. Attackers could exploit a weakness in the PRNG, said Pinkas and his colleagues, to predict encryption keys that would be created in the future as well as reveal the keys that had been generated in the past."

Here are the Links

The Computerworld Article