Re: Fw: PasswordSafe 3.0 weak random number generator allows key recovery attack
- From: "Adam W. Montville" <awm@xxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 23 Mar 2006 14:11:01 -0800
Markus Jansson wrote:
PasswordSafe 3.0 utilizes two different random number generator (RNG)
functions: Win32 API RtlGenRandom() and standard Visual C++ rand().
RtlGenRandom() is not available on Windows prior to Windows XP (i.e.
Windows 2000, Windows NT, Windows Me) so rand() is used instead.
Specifically, rand() is used to generate the 256-bit database encryption
key. It is widely known that using rand() in cryptographic
applications is not secure due to its predictability and small
internal state.
...
I wonder how many people using Password Safe 3.0 would be using anything older than Windows XP?
--
*Adam W. Montville, CISSP*
awm@xxxxxxxxxxxxxxxxxxxxx
*ICQ: 271-685-874*
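The "small internal state" point in the quoted advisory, as an added example that is not part of the original post or of PasswordSafe's code: a reimplementation of the Visual C++ rand() generator showing that a 256-bit key built from it is fully determined by the 32-bit seed. The `derive_key` routine (one key byte per rand() call) is a hypothetical construction; the post does not say how PasswordSafe assembles its key.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Visual C++ style rand(): a linear congruential generator whose entire
 * state is one 32-bit word; each call returns only 15 bits of it. */
typedef struct { uint32_t state; } ms_rng;

static void ms_srand(ms_rng *r, uint32_t seed) { r->state = seed; }

static int ms_rand(ms_rng *r) {
    r->state = r->state * 214013u + 2531011u;
    return (int)((r->state >> 16) & 0x7fff);
}

/* Hypothetical key construction (an assumption, not PasswordSafe's code):
 * fill a 32-byte key with the low byte of successive rand() outputs. */
static void derive_key(uint32_t seed, uint8_t key[32]) {
    ms_rng r;
    ms_srand(&r, seed);
    for (int i = 0; i < 32; i++)
        key[i] = (uint8_t)(ms_rand(&r) & 0xff);
}

/* Returns 1 when two independent derivations from the same seed agree,
 * i.e. the key carries no entropy beyond the seed itself. */
static int key_is_function_of_seed(uint32_t seed) {
    uint8_t a[32], b[32];
    derive_key(seed, a);
    derive_key(seed, b);
    return memcmp(a, b, sizeof a) == 0;
}

int main(void) {
    uint8_t key[32];
    derive_key(1u, key);            /* constructed sample seed */
    printf("key from seed 1: ");
    for (int i = 0; i < 32; i++) printf("%02x", key[i]);
    printf("\nkey length: 256 bits, seed space: 2^32 values\n");
    printf("same seed, same key: %d\n", key_is_function_of_seed(1u));
    return 0;
}
```

However long the derived key is, the number of distinct keys this construction can produce is bounded by the number of seeds, which is why key material has to come from the operating system's cryptographic RNG on every supported platform.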