Analysis of the Linux Random Number Generator

Berkeley/Oakland, California May 21-May 24

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/SP.2006.5

2006 IEEE Symposium on Security and P ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Zvi Gutterman Articles by Benny Pinkas Articles by Tzachy Reinman

	ASCII Text	x
	Zvi Gutterman, Benny Pinkas, Tzachy Reinman, "Analysis of the Linux Random Number Generator," Security and Privacy, IEEE Symposium on, pp. 371-385, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006.

	BibTex	x
	@article{ 10.1109/SP.2006.5, author = {Zvi Gutterman and Benny Pinkas and Tzachy Reinman}, title = {Analysis of the Linux Random Number Generator}, journal ={Security and Privacy, IEEE Symposium on}, volume = {0}, year = {2006}, issn = {1081-6011}, pages = {371-385}, doi = {http://doi.ieeecomputersociety.org/10.1109/SP.2006.5}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Security and Privacy, IEEE Symposium on TI - Analysis of the Linux Random Number Generator SN - 1081-6011 SP371 EP385 A1 - Zvi Gutterman, A1 - Benny Pinkas, A1 - Tzachy Reinman, PY - 2006 KW - null VL - 0 JA - Security and Privacy, IEEE Symposium on ER -

Zvi Gutterman, Safend and The Hebrew University of Jerusalem

Benny Pinkas, University of Haifa

Tzachy Reinman, Hebrew University of Jerusalem

Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches.

We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on diskless devices.

Citation:

Zvi Gutterman, Benny Pinkas, Tzachy Reinman, "Analysis of the Linux Random Number Generator," sp, pp.371-385, 2006 IEEE Symposium on Security and Privacy (S&P'06), 2006

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.