«上一篇/Previous Article|本期目录/Table of Contents|下一篇/Next Article»

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:

期数:

2007年10期

页码:

109-112

栏目:

智能、算法、系统工程

出版日期:

1900-01-01

文章信息/Info

Title:

Theory and Flaw of Linux Random Number Generator

文章编号:

1673-629X（2007）10-0109-04

作者:

曹润聪 曹立明

同济大学电信学院

Author(s):

CAO Run-eong;  CAO Li-ming

School of Electronic Information, Tonal Univ

关键词:

Linux操作系统; Linux随机数生成器（LRNG）; 熵; 安全漏洞

Keywords:

Linux OS;  Linux random number generator;  entropy;  security vulnerabilities

分类号:

TP311

文献标志码:

A

摘要:

Linux操作系统是目前最流行的开源项目之一。Linux的随机数生成器是所有类Linux操作系统内核的重要组成部分，生成器的输入来自于操作系统中随机事件的熵值，输出几乎涵盖系统中的每一个安全协议，例如生成TLS／SSL的密钥、TCP的序列号，以及用于对文件系统和电子邮件进行加密。尽管随机数生成器是开源项目的一部分，它的源代码（大约2500行）却没有很好的文档支持，并且分散于多个代码片段当中。文中将学习随机数生成器原理与应用。详细阐述了随机数生成器的算法，并指出了算法中所隐藏的安全漏洞。还展示了如何对生成器

Abstract:

Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code （about 2500 lines of code） is poorly documented, and patched with hundreds of code patches. Used dynamic and static reverse engineering to learn the operation of this generator. Presents a description of the underlying algorithms and exposes several security vulnerabilkies. In particular,show an attaek on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition present a few eryptngraphie flaws in the design of the generator,as well as some advice and solutions for those flaws

备注/Memo

备注/Memo:

曹润聪（1983-），男，安徽蚌埠人，硕士研究生，研究方向为模式识别与智能系统；曹立明，教授，博士生导师，研究方向为智能分布式系统

常用功能

更新日期/Last Update: 1900-01-01