[erlang-questions] Yaws security alert - Yaws 1.93

Tuncer Ayaz tuncer.ayaz@REDACTED
Thu Jun 21 12:47:46 CEST 2012


On Thu, Jun 21, 2012 at 10:03 AM, Claes Wikstrom wrote:
> On 06/21/2012 02:45 AM, Richard O'Keefe wrote:
> >
> >
> > On 21/06/2012, at 9:17 AM, Claes Wikstrom wrote:
> > >
> > > The problem is much deeper, it's the random algorithm itself.
> > > It's said that it's cryptographically weak - now I've seen how
> > > weak. Very weak.
> >
> >
> > The algorithm is AS183, the Wichmann-Hill 3-cycle generator. It is
> > antique, designed to cope with machines with limited arithmetic
> > (like the Xerox D-machines XQP ran on), have a tolerably long
> > period (in the days when 1MHz was fast), and serve the needs of
> > simulations (small ones, by today's standards).
> >
> > It was *never* intended to be suitable for cryptography.
>
> Indeed, that being said, I think there is quite a few Erlang
> applications out there that use the OTP random module, some,
> probably quite a few, of those applications use the random module in
> what could be considered a security related setting. It could be
> anything, the original author needed a random number, picked the
> random module, and now years later, it turns out that these random
> numbers are security related.
>
> Not good, a good solution would be to replace the current random
> module with a backwards compat implementation that use a better
> algorithm.

It should probably be replaced with Kenji's sfmt-erlang or an
implementation of (C)MWC.

https://groups.google.com/group/comp.soft-sys.math.mathematica/msg/95a94c3b2aa5f077
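On the application side, the fix that does not wait for OTP is to stop drawing security-relevant values from `random` at all. The module below is an added example (not code from this thread, Yaws or OTP): it generates session identifiers from `crypto:strong_rand_bytes/1`, the OS-backed CSPRNG in the crypto application, and contrasts the state size of the AS183 generator behind `random`; the module name `secure_token` and the 16-byte minimum are this example's own choices.

```erlang
%% Added example, not part of the mailing-list thread.
%% Replacement for random:uniform/1-based token generation in a web app.
-module(secure_token).
-export([session_id/0, session_id/1, as183_state_bits/0]).

%% 16 bytes = 128 bits of entropy, a common floor for session identifiers.
-define(MIN_BYTES, 16).

%% Hex-encoded session id of the default length.
session_id() -> session_id(?MIN_BYTES).

%% crypto:strong_rand_bytes/1 reads from the OpenSSL CSPRNG and raises
%% error:low_entropy instead of silently degrading; refuse short tokens.
session_id(NBytes) when is_integer(NBytes), NBytes >= ?MIN_BYTES ->
    to_hex(crypto:strong_rand_bytes(NBytes)).

%% The three Wichmann-Hill components of AS183 live in
%% Z_30269 x Z_30307 x Z_30323, so the whole generator state carries
%% at most log2(30269*30307*30323) ~ 44.7 bits, far below the 128 bits
%% of one session_id/0 result, regardless of how it is seeded.
as183_state_bits() ->
    States = 30269 * 30307 * 30323,
    math:log(States) / math:log(2).

%% Lowercase hex, two digits per byte, as a flat string.
to_hex(Bin) ->
    lists:flatten([io_lib:format("~2.16.0b", [B]) || <<B>> <= Bin]).
```

Every call site of `random:uniform/1`, `random:seed/3` or `random:uniform_s/2` that feeds a cookie, token or nonce is a candidate for this swap; seeding `random` with the clock or pid does not change the bound computed by `as183_state_bits/0`.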
