什么是随机数漏洞,什么是脆弱的随机数

电脑在没有用户参与的情况不能产生真正的随机数。

脆弱的随机数（随机数漏洞）只有在程序使用普通的方式产生随机数出现，主要有以下两种情况产生：
1，本来就不是随机数
2，这个产生的随机数是可以预测的，或可以通过某种途径预测到的

如果创造良好的随机数，电脑必须有达到两个条件：
1，一个良好的随机数生成算法
2，随机数生成算法有一个随机的和不可预测随机数种子

脆弱性随机数的例子

代码片断：

srand (time (0));
x=rand();

这个代码产生脆弱的随机号码，它使用的值为1作为默认种子。
其他任何人在相同的机器上用同样编译这段代码，将得到同样的随机数

随机数漏洞：
随机数生成器本地栈溢出

受影响系统：
Linux kernel < 2.6.22

不受影响系统：
Linux kernel 2.6.22

描述：
Linux Kernel是开放源码操作系统Linux所使用的内核。

Linux kernel的随机数生成器（RNG）实现中存在栈溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。

如果本地root用户将默认的wakeup阀值设置为比输出池大小还要大的值的话，池传输函数就可能用RNG字节写入栈，触发栈溢出，导致拒绝服务或权限提升。

厂商补丁：
Linux
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：
http://kernel.org/pub/linux/kernel/v2.6/linux-2.6.22.3.tar.bz2

参考以下英文片段
——————————

What is a random number vulnerability?

Computers are deterministic and are therefore predictable. Computers cannot, in and of themselves, generate truly random numbers.

In the absense of outside input, computers can only create pseudo-random numbers.

A random number vulnerability occurs when a program uses a method of generating random numbers which is either:

1. Not random
2. Predictable

To generate good random numbers, the computer must have two things:

1. A good random number generation algorithm
2. A random and unpredicatable seed for the random number generation algorithm

Random Number Vulnerability Examples

Consider the following code snippet:

x=rand();

This code generated bad random numbers because when you call rand() before a seed has been established with srand(), it uses the value 1 as a default seed. Anyone else on the same machine with the same compiler who calls rand() with a seed of 1 will get the same random number as you just did.

Let’s look at another code snippet:

srand (time (0));
x=rand();

This code does call srand() with the current time as a seed. However, this code is still insecure because:

1. The system time is a very bad seed, because it is predictable within a small range.
2. The ANSI C rand() function itself does not generate good random numbers.

Let’s examine a third code snippet:

srandom (time (0));
x=random();

This code uses the BSD random() and srandom() functions, which generate much better random numbers than their ANSI C predecessors. However, this code still uses time() to generate the seed number. A much better source for random numbers on BSD and Linux systems is the /dev/random device.

Number Seeds and Random Number Vulnerabilities

Good seed numbers come from unpredictable events such as user keystrokes or mouse movements. These are not perfect sources of randomness, however. Human behavior is somewhat predictable and computer hardware can buffer keyboard and mouse interrupts, reducing their randomness.

Numerous other random number generators are available for various platforms and development environments. It is extremely difficult to create a good one, and even more difficult to determine if the random number generator you created really is generating random and unpredictable numbers. The best path for most applications is to implement an existing random number generator which has been subject to public cryptanalysis.

Random number vulnerabilities are of interest to hackers when they can be utilized to determine input values to cryptographic functions. This can be utilized in cryptanalysis.

Improper use of the function calls rand() and random() are the normal causes of random number vulnerabilities.

Additional Information Sources on Generating Random Numbers

For more information on generating random numbers, read RFC 1750 - Randomness Recommendations for Security.

百科地址：http://wiki.mygogou.com/doc-view-771.html