OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Using RC4 as a randomness pool
From: Peter Gutmann (pgut001cs.auckland.ac.nz)
Date: Tue Oct 31 2000 - 05:54:10 CST


Luke Kenneth Casson Leighton <lkclsamba.org> writes:

>microsoft use rc4 as a RNG. they use an 8192 byte stream. they take
>statistics from the kernel [same data as presented by Perfmon.exe], the last N
>bytes of the stream [N is a forgotten quantity: this was described in passing
>two years ago, after all] to generate the rc4 key for the next stream.

The default NT setup has Everyone:Read permissions for the
\\HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\PerfLib key,
which is the key for the performance counters. This means that everyone on the
network can read your machine's performance counters, and therefore your RNG
seed.

>the kernel statistics are updated in the NT registry, what, 30 times a second?

It varies by counter type from "very rarely" to "frequently" (maybe several
times a second).

>please, try not to make the same mistake.

Even with the masses of security mistakes MS makes, there are still plenty of
other ones to choose from :-).

Peter.