[81623] in cryptography@c2.net mail archive
virtualization as a threat to RNG
daemon@ATHENA.MIT.EDU (Dan Geer)
Wed Mar 21 17:26:14 2007
To: cryptography@metzdowd.com
From: Dan Geer <dan@geer.org>
Date: Tue, 20 Mar 2007 20:14:26 -0400
Quoting from a discussion of threat posed by software virtualization as
found in Symantec's ISTR:xi, released today:
> The second type of threat that Symantec believes could emerge is
> related to the impact that softwarevirtualized computers may have on
> random number generators that are used inside guest operating systems
> on virtual machines. This speculation is based on some initial work
> done by Symantec Advanced Threat Research in a paper on GS and ASLR in
> Windows Vista. This research showed that the method used to generate
> the random locations employed in some security technologies would,
> under certain circumstances, differ wildly in a software-virtualized
> instance of the operating system. If this proves to be true, it could
> have considerable implications for a number of different technologies
> that rely on good randomness, such as unique identifiers, as well as
> the seeds used in encryption.
--dan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
