[erlang-questions] Yaws security alert - Yaws 1.93
Thu Jun 21 10:03:20 CEST 2012
On 06/21/2012 02:45 AM, Richard O'Keefe wrote:
> On 21/06/2012, at 9:17 AM, Claes Wikstrom wrote:
>> The problem is much deeper, it's the random algorithm itself. It's said that
>> it's cryptographically weak - now I've seen how weak. Very weak.
> The algorithm is AS183, the Wichmann-Hill 3-cycle generator.
> It is antique, designed to cope with machines with limited arithmetic
> (like the Xerox D-machines XQP ran on), have a tolerably long period
> (in the days when 1MHz was fast), and serve the needs of simulations
> (small ones, by today's standards).
> It was *never* intended to be suitable for cryptography.
Indeed, that being said, I think there is quite a few Erlang applications
out there that use the OTP random module, some, probably quite a few, of
those applications use the random module in what could be considered
a security related setting. It could be anything, the original author
needed a random number, picked the random module, and now years later, it turns
out that these random numbers are security related.
Not good, a good solution would be to replace the current random module with
a backwards compat implementation that use a better algorithm.
More information about the erlang-questions