[erlang-questions] Yaws security alert - Yaws 1.93
Pablo Platt
pablo.platt@REDACTED
Thu Jun 21 00:45:00 CEST 2012
What are the alternatives?
________________________________
From: Geoff Cant <nem@REDACTED>
To: Claes Wikstrom <klacke@REDACTED>
Cc: erlang-questions <erlang-questions@REDACTED>
Sent: Thursday, June 21, 2012 12:37 AM
Subject: Re: [erlang-questions] Yaws security alert - Yaws 1.93
On 2012-06-20, at 14:17 , Claes Wikstrom wrote:
> On 06/20/2012 11:10 PM, Geoff Cant wrote:
>> Hi Klacke,
>>
>> Is the problem related to predictable seeding of random (set to {A,B,C} =
>> erlang:now() at some point) or is it a bigger break in taking a series of
>> outputs from random:uniform and working out the internal state from that?
>> Just trying to figure out if kallez's attack is a brute force discovery of a
>> weak seed, or if it's a more complete break of the generator itself given an
>> unknown seed.
>>
>> Cheers,
>
>
> It's not, Yaws was using the seed as in
>
> {X,Y,Z} = seed(),
>
> ...
>
> seed() ->
>     case (catch list_to_binary(
>                   os:cmd("dd if=/dev/urandom ibs=12 count=1 2>/dev/null"))) of
>         <<X:32, Y:32, Z:32>> ->
>             {X, Y, Z};
>         _ ->
>             now()
>     end.
>
> The problem is much deeper, it's the random algorithm itself. It's said that
> it's cryptographically weak - now I've seen how weak. Very weak.
That's pretty neat indeed then (as an attack, not so great for anyone using random:uniform for any crypto-ish purpose). I'd love to look at a description of the break if one becomes available.
Cheers,
--
Geoff Cant
_______________________________________________
erlang-questions mailing list
erlang-questions@REDACTED
http://erlang.org/mailman/listinfo/erlang-questions
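The thread's point is that seeding the `random` module from /dev/urandom does not help, because the generator's own small internal state is what is weak. As an added illustration (not code from the thread or from Yaws; the module name `token_example` and the functions `weak_token/0` and `strong_token/0` are my own, written against the OTP of that time, where `random` and `now/0` are still available), here is the quoted seeding beside a token generator that never passes through a userland PRNG:

```erlang
%% Added example, not from the thread or from Yaws. Module and function
%% names are assumptions; the seed/0 body is the one quoted in the thread.
-module(token_example).
-export([weak_token/0, strong_token/0]).

%% Weak: AS183 (the old `random` module) seeded from the OS entropy pool,
%% exactly as in the quoted seed/0, then used to build a 16-byte token.
%% The seed quality is irrelevant: once enough outputs are observed, the
%% generator's small state can be recovered and every later token follows.
weak_token() ->
    {X, Y, Z} = seed(),
    random:seed(X, Y, Z),
    list_to_binary([random:uniform(256) - 1 || _ <- lists:seq(1, 16)]).

%% The seeding routine quoted in the thread: 12 bytes of /dev/urandom
%% split into three 32-bit words, falling back to now() if dd fails.
seed() ->
    case (catch list_to_binary(
                  os:cmd("dd if=/dev/urandom ibs=12 count=1 2>/dev/null"))) of
        <<X:32, Y:32, Z:32>> ->
            {X, Y, Z};
        _ ->
            now()
    end.

%% Strong: 16 bytes straight from the OS-backed CSPRNG exposed by the
%% crypto application (OpenSSL), base64-encoded for use in a cookie.
%% No userland PRNG state exists to recover, so past outputs reveal
%% nothing about future ones.
strong_token() ->
    base64:encode(crypto:strong_rand_bytes(16)).
```

Load with `c(token_example).` after `application:start(crypto).`; `strong_token/0` raises `low_entropy` rather than returning a weak value if the underlying generator is not yet seeded.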