[erlang-questions] Yaws security alert - Yaws 1.93

Claes Wikstrom <>
Thu Jun 21 10:03:20 CEST 2012


On 06/21/2012 02:45 AM, Richard O'Keefe wrote:
>
> On 21/06/2012, at 9:17 AM, Claes Wikstrom wrote:
>> The problem is much deeper, it's the random algorithm itself. It's said that
>> it's cryptographically weak - now I've seen how weak. Very weak.
>
> The algorithm is AS183, the Wichmann-Hill 3-cycle generator.
> It is antique, designed to cope with machines with limited arithmetic
> (like the Xerox D-machines XQP ran on), have a tolerably long period
> (in the days when 1MHz was fast), and serve the needs of simulations
> (small ones, by today's standards).
>
> It was *never* intended to be suitable for cryptography.

Indeed, that being said, I think there are quite a few Erlang applications
out there that use the OTP random module, and some, probably quite a few, of
those applications use the random module in what could be considered
a security related setting. It could be anything: the original author
needed a random number, picked the random module, and now years later, it turns
out that these random numbers are security related.

Not good. A good solution would be to replace the current random module with
a backwards compat implementation that uses a better algorithm.

/klacke
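One shape such a backwards-compatible replacement could take, as an added example that is not part of OTP, Yaws or the thread: a module exposing the same `uniform/0` and `uniform/1` calls as `random`, but drawing bytes from the OS CSPRNG through `crypto:strong_rand_bytes/1` instead of the AS183 generator. The module name `secure_random` and the helper `draw/3` are assumptions of the example; `crypto:strong_rand_bytes/1`, `binary:encode_unsigned/1` and `binary:decode_unsigned/1` are standard OTP functions.

```erlang
-module(secure_random).
-export([uniform/0, uniform/1]).

%% Added example (not OTP or Yaws code): a drop-in replacement for the
%% random:uniform/0 and random:uniform/1 calls that draws from the OS
%% CSPRNG via crypto:strong_rand_bytes/1 instead of the AS183 generator.
%% There is deliberately no seed/3 counterpart: the kernel entropy pool
%% seeds itself, and a caller-supplied seed would only weaken the output.

%% Float uniformly distributed in [0.0, 1.0), built from 53 random bits
%% so that every double in the range is reachable and none is favoured.
-spec uniform() -> float().
uniform() ->
    <<_:3, X:53>> = crypto:strong_rand_bytes(7),
    X / (1 bsl 53).

%% Integer uniformly distributed in 1..N, as random:uniform/1 returns.
%% Rejection sampling avoids the modulo bias that a bare `X rem N`
%% would introduce when N does not divide the raw range evenly.
-spec uniform(pos_integer()) -> pos_integer().
uniform(N) when is_integer(N), N >= 1 ->
    Bytes = byte_size(binary:encode_unsigned(N)),
    Max = 1 bsl (8 * Bytes),
    %% Largest multiple of N that fits in Bytes bytes; raw values at or
    %% above it are discarded and redrawn (rejection rate is below 1/256).
    Limit = Max - (Max rem N),
    draw(N, Bytes, Limit).

draw(N, Bytes, Limit) ->
    X = binary:decode_unsigned(crypto:strong_rand_bytes(Bytes)),
    case X < Limit of
        true  -> 1 + (X rem N);
        false -> draw(N, Bytes, Limit)
    end.
```

Swapping `random:uniform(N)` for `secure_random:uniform(N)` in an application keeps the call shape and the 1..N contract, so the change is mechanical; the one behavioural difference is that sequences are no longer reproducible from a seed, which is exactly the property a security-related caller needs.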
