Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Note: You can take 10% off all Slashdot Deals with coupon code "slashdot10off." ×

Submission + - Linux RNG may be insecure after all->

Okian Warrior writes: As a followup to Linus's opinion of people skeptical of the linux random number generator, a new paper analyzes the robustness of /dev/urandom and /dev/urandom.

From the paper: "From a practical side, we also give a precise assessment of the security of the two Linux PRNGs, /dev/random and /dev/urandom. In particular, we show several attacks proving that these PRNGs are not robust according to our definition, and do not accumulate entropy properly. These attacks are due to the vulnerabilities of the entropy estimator and the internal mixing function of the Linux PRNGs. These attacks against the Linux PRNG show that it does not satisfy the "robustness" notion of security, but it remains unclear if these attacks lead to actual exploitable vulnerabilities in practice."

Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Linux RNG may be insecure after all

Comments Filter:

Variables don't; constants aren't.

Working...