[erlang-questions] Yaws security alert - Yaws 1.93

Pablo Platt <>
Thu Jun 21 00:45:00 CEST 2012


What are the alternatives?



________________________________
 From: Geoff Cant <>
To: Claes Wikstrom <> 
Cc: erlang-questions <> 
Sent: Thursday, June 21, 2012 12:37 AM
Subject: Re: [erlang-questions] Yaws security alert - Yaws 1.93
 

On 2012-06-20, at 14:17 , Claes Wikstrom wrote:

> On 06/20/2012 11:10 PM, Geoff Cant wrote:
>> Hi Klake,
>> 
>> Is the problem related to predictable seeding of random (set to {A,B,C} =
>> erlang:now() at some point) or is it a bigger break in taking a series of
>> outputs from random:uniform and working out the internal state from that?
>> Just trying to figure out if kallez's attack is a brute force discovery of a
>> weak seed, or if it's a more complete break of the generator itself given an
>> unknown seed.
>> 
>> Cheers,
> 
> 
> It's not, Yaws was using the seed as in
> 
> 
>    {X,Y,Z} = seed(),
> 
> ...
> 
> 
> seed() ->
>    case (catch list_to_binary(
>                  os:cmd("dd if=/dev/urandom ibs=12 count=1 2>/dev/null"))) of
>        <<X:32, Y:32, Z:32>> ->
>            {X, Y, Z};
>        _ ->
>            now()
>    end.
> 
> 
> The problem is much deeper, it's the random algorithm itself. It's said that
> it's cryptographically weak - now I've seen how weak. Very weak.


That's pretty neat indeed then (as an attack, not so great for anyone using random:uniform for any crypto-ish purpose). I'd love to look at a description of the break if one becomes available.

Cheers,
--
Geoff Cant




_______________________________________________
erlang-questions mailing list

http://erlang.org/mailman/listinfo/erlang-questions
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20120620/b67fd6fa/attachment.html>


More information about the erlang-questions mailing list