[erlang-questions] Yaws security alert - Yaws 1.93
Geoff Cant
nem@REDACTED
Wed Jun 20 23:37:44 CEST 2012
On 2012-06-20, at 14:17 , Claes Wikstrom wrote:
> On 06/20/2012 11:10 PM, Geoff Cant wrote:
>> Hi Klake,
>>
>> Is the problem related to predictable seeding of random (set to {A,B,C} =
>> erlang:now() at some point) or is it a bigger break in taking a series of
>> outputs from random:uniform and working out the internal state from that?
>> Just trying to figure out if kallez's attack is a brute force discovery of a
>> weak seed, or if it's a more complete break of the generator itself given an
>> unknown seed.
>>
>> Cheers,
>
>
> It's not, Yaws was using the seed as in
>
>
> {X,Y,Z} = seed(),
>
> ...
>
>
> seed() ->
> case (catch list_to_binary(
> os:cmd("dd if=/dev/urandom ibs=12 count=1 2>/dev/null"))) of
> <<X:32, Y:32, Z:32>> ->
> {X, Y, Z};
> _ ->
> now()
> end.
>
>
> The problem is much deeper, it's the random algorithm itself. It's said that
> it's cryptographically weak - now I've seen how weak. Very weak.
That's pretty neat indeed then (as an attack, not so great for anyone using random:uniform for any crypto-ish purpose). I'd love to look at a description of the break if one becomes available.
Cheers,
--
Geoff Cant
More information about the erlang-questions
mailing list