August 9, 2015 02:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/f6oYRhh4id8/linux-servers-entropy-pool-too-shallow-compromising-security
Linux Servers' Entropy Pool Too Shallow, Compromising Security
The BBC reports that Black Hat presenters Bruce Potter and Sasha Moore described at this year's Black Hat Briefings a security flaw in Linux servers: too few events are feeding the entropy pool from which random numbers are drawn, which leaves the systems "more susceptible to well-known attacks."

Unfortunately, [Potter] said, the entropy of the data streams on Linux servers was often very low because the machines were not generating enough raw information for them.

Also, he said, server security software did little to check whether a data stream had high or low entropy.

These pools often ran dry leaving encryption systems struggling to get good seeds for their random number generators, said Mr Potter. This might mean they were easier to guess and more susceptible to a brute force attack because seeds for new numbers were generated far less regularly than was recommended.
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc.