Great Circle Associates Firewalls
(February 1994)
 


Subject: Re: genp.c potential weakness
From: mjr @ tis . com
Date: Tue, 15 Feb 94 10:00:34 EST
To: firewalls @ GreatCircle . COM, morgan @ engr . uky . edu

>genp seeds its random number generator with a call to getpid().  This
>indicates that there are only 30000 possible seeds on most Unix systems.
>(Your system may differ; MAXPID is usually defined in <sys/param.h>) 
>Therefore, a brute force approach, tailored to genp, may be quite successful.

	30000 possible seeds is the size of many crack dictionaries,
so I'd say that's very searchable.

	Generating good pseudorandom numbers is *hard* to do. Various
approaches I've seen in the past include using an MD5 hash of the
output of "ps -aux" as a seed, or using 'random' keypresses from the
user and the time intervals between them. Most of these values can
be made to look highly random by running them through an encryption
step -- but what's important is not that the output be random, but
that the seed be unpredictable. The number of changing bits in the
seed should be 56 bits or more, as otherwise you're using a seed
that's "weaker" than the DES key. An attacker doesn't need to
exhaustively attack your one-way hash function if he can attack
your random number seed.

mjr.
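As an added illustration of the point above (not genp's code and not from anyone in this thread), the Python below simulates a genp-like generator seeded from a pid-sized space and shows that an "encryption step" (here a SHA-256 hash) makes the output look random without adding any entropy the seed never had; MAXPID = 30000, the 8-character alphanumeric password and the 56-bit threshold are the assumptions taken from the message.

```python
import hashlib
import math
import os
import random
import string

MAXPID = 30000        # assumed pid range, as stated in the quoted message
MIN_SEED_BITS = 56    # mjr's threshold: no weaker than a DES key


def genp_like(seed: int, length: int = 8) -> str:
    """Constructed stand-in for genp: a password drawn from a PRNG
    seeded with `seed`. Same seed always yields the same password."""
    rng = random.Random(seed)
    alphabet = string.ascii_letters + string.digits
    return "".join(rng.choice(alphabet) for _ in range(length))


def whitened(password: str) -> str:
    """The 'encryption step': output looks uniformly random, but the
    number of reachable outputs is still bounded by the seed space."""
    return hashlib.sha256(password.encode()).hexdigest()[:16]


def seed_bits(n_seeds: int) -> float:
    """Entropy of a uniformly chosen seed, in bits."""
    return math.log2(n_seeds)


def audit_seed_space(n_seeds: int) -> dict:
    """Defender's check: does the seed space meet the 56-bit floor?"""
    bits = seed_bits(n_seeds)
    return {"seeds": n_seeds, "bits": bits, "adequate": bits >= MIN_SEED_BITS}


def distinct_outputs(seed_space: range) -> int:
    """Count distinct whitened passwords reachable from a seed space.
    Hashing cannot push this above len(seed_space)."""
    return len({whitened(genp_like(s)) for s in seed_space})


if __name__ == "__main__":
    pid_space = range(1, MAXPID + 1)
    print("getpid() seed:", audit_seed_space(MAXPID))
    print("reachable outputs:", distinct_outputs(pid_space), "of", MAXPID)
    # A 64-bit seed from the OS entropy pool clears the floor comfortably.
    urandom_seed = int.from_bytes(os.urandom(8), "big")
    print("os.urandom seed:", audit_seed_space(2 ** 64))
    print("sample:", whitened(genp_like(urandom_seed)))
```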
