Analysis of the Random Number Generator Using MD5 PRNG in Linux Kernel
Authors
Abstract
When random numbers are needed, kernel-level threads can use at least one of two random number generators (RNGs), called LRNG and MD5 PRNG. LRNG is a well-known cryptographic RNG accessed via /dev/(u)random, and MD5 PRNG provides a function interface, get_random_int(). While /dev/(u)random has been investigated extensively, MD5 PRNG has been regarded as less important. In this paper, we demonstrate that, in some embedded systems, MD5 PRNG is vulnerable to a generic attack that searches over the entropy source. In fact, once a random number is obtained, one can predict previous outputs of MD5 PRNG. Even though the RNG uses a high-resolution clock with microsecond granularity as an entropy source, we can recover the random number by reducing the search space. We suggest a generic attack in which the attacker only has to guess the entropy source at most 2 times. This attack can be done within 74 hours using a parallel implementation on an NVIDIA GeForce Titan X.
Similar resources
The e2random Entropy Harvester and PRNG for Linux
Many efficient methods of generating “good” random numbers exist in the literature of mathematics and computer science. One particular method of generating usable randomness is with “extractors”: graphs which will transform “bad” randomness (i.e. a smaller ratio of entropy/data, or randomness distributed poorly) to “good” randomness (of a provable level of security) by an additional input of on...
The Linux Pseudorandom Number Generator Revisited
The Linux pseudorandom number generator (PRNG) is a PRNG with entropy inputs which is widely used in many security related applications and protocols. This PRNG is written as an open source code which is subject to regular changes. It was last analyzed in the work of Gutterman et al. in 2006 [GPR06] but since then no new analysis has been made available, while in the meantime several changes ha...
Security Analysis of Pseudo-Random Number Generators
A pseudo-random number generator (PRNG) is a deterministic algorithm that produces numbers whose distribution is indistinguishable from uniform. A formal security model for PRNGs with input was proposed in 2005 by Barak and Halevi (BH). This model involves an internal state that is refreshed with a (potentially biased) external random source, and a cryptographic function that outputs random num...
Extending OPNET Modeler with External Pseudo Random Number Generators and Statistical Evaluation by the Limited Relative Error Algorithm
Pseudo Random Number Generators (PRNG) are the base for stochastic simulations. The usage of good generators is essential for valid simulation results. OPNET Modeler, a well-known tool for simulation of communication networks, provides a Pseudo Random Number Generator. The extension of OPNET Modeler with external generators and additional statistical evaluation methods that has been performed for...
Proposal of primitive polynomials for Linux kernel PRNG
The polynomials defining the LFSRs of the Linux kernel PRNG are irreducible but not primitive. As a result, the space of numbers generated by these LFSRs does not fill all the space. We propose in this paper more optimal polynomials which increase by a factor of 3 the space of the random numbers generated by these LFSRs. The polynomials used in the current implementation of the PRNG and the poi...