[erlang-questions] Erlang cookies are secure

[Per Hedeland]

Fred Hebert <mononcqc@REDACTED> wrote:
>
>On 06/11, Per Hedeland wrote:
>>As for actual analysis of the mechanism as such, the only thing I can
>>find is the statement "cookie key space by default is 26^20" - given as
>>a good property, but it certainly makes me wonder about the depth of
>>such an analysis, if it has indeed been undertaken (I see no claim that
>>it has). The cookie is an arbitrary atom, and thus the value space is
>>larger than 256^255 ((1 - 256^256)/(1 - 256) to be precise, or just a
>>few bits short of 2048) - period.
>
>The space is likely smaller since you're going for an MD5 challenge and 
>only have to generate a conflicting MD5, not the actual cookie I 
>believe?

Hm, so now you're doing a security analysis, and asking me to comment on
it? Probably a case of the blind leading the blind, but OK... The value
space of the cookie is what it is, independent of how it is used - I was
merely pointing out that the only statement that seemed indicative of a
security analysis being done was inaccurate.

How the value space of the cleartext and its relation to the value space
(and quality?) of the digest translates into "security" in this context
isn't something I feel qualified to comment on, but I think I know
enough to say that it isn't just a matter of counting the respective
number of bits.

>The challenge itself uses the cookie and then 'salts' it with the result 
>of this function: 
>https://github.com/erlang/otp/blob/e1489c448b7486cdcfec6a89fea238d88e6ce2f3/lib/kernel/src/dist_util.erl#L376-L388
>which has no great source of randomness, especially on mostly idle nodes 
>I'd guess.

AFAIK the "salt", or as it's more commonly called in this context, the
"nonce", has no actual requirement of randomness, only of variation -
i.e. it should not be repeated. It could quite possibly be done better,
but it's certainly not obvious to me that there is any actual problem
with the current implementation.

--Per