In association with heise online

23 November 2007, 12:19

Windows XP random number generator flawed


According to reports in the US media, Microsoft has conceded that the pseudo-random number generator (PRNG) used by Windows XP suffers from the same problems that affect Windows 2000. However, the software giant does not consider the flaw to be a security vulnerability and has no plans to fix the problem prior to the release of Windows XP Service Pack 3 (SP3) in the first half of 2008. Whether there will ever be a fix for Windows 2000 remains uncertain, but Vista is said to be unaffected.

University researchers in Israel recently published a paper showing that random numbers in Windows 2000 were easy to compute and that the number generator itself was vulnerable to attack. This could have serious consequences for the security of some crypto applications such as encryption programs, banking software, DRM systems and SSL. The problem did not in itself represent a direct threat, since any attacker would first have to penetrate the system.
