We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on disk-less devices.
Category / Keywords: Date: received 6 Mar 2006 Contact author: zvi at gutterman net Available format(s): PDF | BibTeX Citation Version: 20060307:105843 (All versions of this report) Short URL: ia.cr/2006/086