BROADCASTS.com

b'Linux\\xae is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches. We used dynamic and static reverse engineering to learn the operation of this generator.\\n\\t\\n\\tThis presentation offers a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition, we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on disk-less devices.\\n\\t\\n\\tZvi Gutterman is CTO and co-founder of Safend. As CTO, Zvi designs key Safend technologies such as the algorithms and theory behind Safend Auditor and Safend Protector implementation. He is responsible for maintaining Safend\'s competitive advantage through cutting-edge innovation. Prior to co-founding Safend, Zvi was with ECTEL (NASDAQ:ECTX), performing as a chief architect in the IP infrastructure group. He also previously served as an officer in the Israeli Defense Forces (IDF) Elite Intelligence unit. He holds Master\'s and Bachelor\'s degrees in Computer Science from the Israeli Institute of Technology and is a Ph.D. candidate at the Hebrew University of Jerusalem, focusing on security, network protocols, and software engineering."'