Reverse engineering cracks Windows encryption
Random number generator spills the beans, say academics; Microsoft says it's no problem
Computerworld - Israeli researchers who have reverse-engineered a critical component of Windows' encryption technology say attackers could exploit flaws to decipher secured information. Microsoft Corp. has downplayed the threat.
In a paper published earlier this month, Benny Pinkas from the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, described how they recreated the algorithm used by Windows 2000's pseudo-random number generator (PRNG). They also spelled out vulnerabilities in the CryptGenRandom function, which calls on the algorithm.
Windows and its applications use the PRNG to create random encryption keys, which are in turn used to encrypt files and e-mail messages, and by the Secure Socket Layer protocol. SSL secures virtually every important Internet data transmission, including information from consumers to online retailers, and from bank customers to their online accounts.
By cracking the PRNG's algorithm, Pinkas and his team were able to predict its future results and uncover what it had come up with in the past, which then let them compute both previous and future encryption keys. They also discovered multiple design flaws in the algorithm that they said could give hackers the keys to the kingdom.
One of the flaws let Pinkas calculate the keys that had already been used on a Windows 2000 machine. In effect, given even remote access to the machine, a hacker could uncover encryption keys that had been generated, and thus the passwords -- or other information -- which had been used, even if they weren't saved elsewhere on the system. "If you know the 'state' of the PRNG, it should be hard to predict its previous state," said Pinkas yesterday. "It should be like a one-way street. Going backward [in time] should be impossible. But we found a way to very efficiently predict previous states of the PRNG."
That's a major bug, and one that should not have been overlooked, Pinkas added. "It's very well known how to construct a one-way generator. The fact that the PRNG used by Windows 2000 does not provide [this] demonstrates that the design is flawed."
Another problem with Windows' PRNG, added Pinkas, is that a single peek at the current state of its calculations can expose a huge amount of information. Unlike other operating systems such as Linux, Windows only refreshes its "randomness" after the PRNG has produced 128K of output. And since a typical SSL connection between, say, Internet Explorer and a bank consumes just 100-200 bytes of output, it's possible to predict 600-1,200 different SSL connections.
"Once we get the state of the PRNG, we can simulate its future state until the generator is refreshed with new random data," said Pinkas. "But that represents several hundred SSL connections."
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!