Great Circle Associates Firewalls
(February 1994) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: genp.c potential weakness
From: morgan @ engr . uky . edu (Wes Morgan)
Date: Tue, 15 Feb 94 09:23:40 EST
To: firewalls @ greatcircle . com 
After distributing a flock of copies of genp.c, a potential weakness
was pointed out to me.

genp seeds its random number generator with a call to getpid().  This
indicates that there are only 30000 possible seeds on most Unix systems.
(Your system may differ; MAXPID is usually defined in <sys/param.h>) 
Therefore, a brute force approach, tailored to genp, may be quite suc-
cessful.

I'm looking at alternative seeds; other genp users should do the same.
My apologies for not catching this one sooner; it was silly of me to
be satisfied with just a "Crack 4.1 test."

--Wes
Indexed By Date Previous: udp blocking
From: Christopher Klaus <cklaus @ shadow . net>
Next: Re: genp.c potential weakness
From: mjr @ tis . com
Indexed By Thread Previous: udp blocking
From: Christopher Klaus <cklaus @ shadow . net>
Next: Re: genp.c potential weakness
From: mjr @ tis . com
Google
 
Search Internet Search www.greatcircle.com