It is not official but Microsoft seems to have added few win32 functions on Windows XP Service Pack 3 (they were not present in Windows XP Service Pack 2) and as programmers we always appreciate such things. The new functions are





So now it is easy to figure out number of cores, CPU relationships (such as in case of hyperthreading CPUs sharing resources) etc on XP SP3. The other functions make it possible to read and write process level Data Execution Prevention (DEP) policy and to be able to read system DEP policy. [I hope there will be a SetSystemDEPPolicy call to change the system DEP policy at some point.]

On the kernel side, fips.sys (officially known as Microsoft Kernel Mode Cryptographic Module) has been updated. The updates are probably related to admirable research work of Pinkas et. al. (circa 2007) on user-mode Windows Pseudo Random Number Generator (PRNG) accessible by Win32 api CryptGenRandom. Their cryptanalysis allowed them to devise both forward and backward security attacks (ie. given a state whether one can figure random data generated in the past or predict random data in the future) on PRNG used in Windows 2000 Service Pack 4. Although the authors do not make their attacks downloadable, discerning readers may note that Pinkas is not new to this kind of thing. Pinkas and Gutterman collaborated to do cryptanalysis on Linux PRNG in 2006 before they did their work on Windows.

Microsoft had confirmed last November that, the same flaws found in Windows 2000 PRNG also exist in Windows XP (but not in 2003, Vista or 2008) and that fixes were to be put into Service Pack 3.

Random numbers are generally costlier to generate so crypto systems typically use PRNGs instead. PRNGs constitute the core of crypto systems and any weakness in a PRNG will tend to have system wide security implications. So it is nice to see that Microsoft had their Windows XP Service Pack 3 PRNGs in fips.sys, rsaenh.dll (Windows XP Enhanced Cryptographic Provider), dssenh.dll (Windows XP Enhanced DSS and Diffie-Hellman Cryptographic Provider) FIPS 186-2 certified for the first time.

Not much is known about how windows crypto infrastructure is designed or implemented or changed in various iterations. This is one of the reasons why serious crypto would probably continue to be third party since the system designers do not have a lot of visibility into whether Windows crypto system meets or does not meet the requirements of whatever it is that is being layered on top.

Thanks to Pinkas et al, even though Microsoft discounted that there was any security vulnerability, it seems that in the end, the most often used crypto system in the world, got better.Who will be the next cryptanalyst to take a look at crypto in Vista or 2008 ?

We will have to wait and see.

Tagged with →  
Share →

Leave a Reply

Your email address will not be published. Required fields are marked *


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Visit our friends!

A few highly recommended friends...

Set your Twitter account name in your settings to use the TwitterBar Section.