Date: Mon, 17 Sep 2012 19:22:03 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Raphael Geissert <geissert@...ian.org>,
        argyros george <argyros.george@...il.com>,
        Aggelos Kiayias <aggelos@...yias.com>,
        Vladimir Vorontsov <vladimir.vorontsov@...ec.ru>,
        gifts <gifts.antichat@...il.com>
Subject: Re: Randomness Attacks Against PHP Applications


On 09/17/2012 10:58 AM, Raphael Geissert wrote:
> On Monday 17 September 2012 10:36:46 Josh Bressers wrote:
>>> On Wed, Aug 22, 2012 at 02:31:07PM +0400, Solar Designer
>>> wrote: Maybe these PoCs will help convince someone.
> 
> Just a note regarding the sessionid case: IIRC since 5.4 
> session.entropy_length is set to, erm, 32 (bytes.) Basically it
> appends N bytes from /dev/urandom to the other input for the digest
> and then it is computed. (why 32 bytes, and why still use md5 by
> default, well...)
> 
>> I'm skeptical they will. I've been doing a lot of work for the
>> past year on various proactive security efforts. I keep coming
>> back to two basic things.
> [...]
>> Has anyone tried to talk to them about this further to see if the
>> issue is they don't understand, or are they being stubborn?
> 
> I think the main problem is education. For instance, there is no
> word about mt_rand not being suitable for cryptographic purposes
> (much less what that means.)

Agreed. One example of a similar problem, with good images displaying
the issue clearly:

http://lcamtuf.coredump.cx/newtcp/

> Sure, searching for "crypt" in the page shows a few comments saying
> that it isn't suitable, but: a) there are far more "encryption
> functions", "random password generators", and similar stuff in the
> comments than those that do mention its weaknesses. b) the official
> documentation itself doesn't say a word. It should say it loud and
> clear.
> 
> Comments should also be moderated. Many examples available as
> comments in the documentation are incorrect.
> 
> Now, pointing it out is easy, but somebody has to actually do the
> work. *That* is another issue.
> 
> Cheers,
> 


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

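The two points raised in the thread, that mt_rand() is unsuitable for cryptographic purposes and that session ID generation should mix in bytes from /dev/urandom, are illustrated by the following added example. It is not code from the thread or from the PHP project. It assumes PHP 7 or later for random_bytes() (on PHP 5.3+ the alternative is openssl_random_pseudo_bytes()); the session directives it sets existed in PHP 5.3 through 7.0 and were removed in PHP 7.1, where session IDs always come from the OS CSPRNG. The seed value is constructed for the demonstration.

```php
<?php
// Added example, not code from the oss-security thread or from PHP itself.

// Weak: every byte comes from mt_rand(), a Mersenne Twister whose entire
// output stream is a deterministic function of one 32-bit seed. A token
// built this way is only as unpredictable as that seed.
function weak_token($bytes = 16)
{
    $hex = '';
    for ($i = 0; $i < $bytes; $i++) {
        $hex .= sprintf('%02x', mt_rand(0, 255));
    }
    return $hex;
}

// Strong: random_bytes() (PHP 7+) reads from the operating system CSPRNG
// and throws if no secure source is available. On PHP 5.3+ without it,
// openssl_random_pseudo_bytes() is the usual substitute (assumption about
// the deployment, not something the thread states).
function strong_token($bytes = 16)
{
    return bin2hex(random_bytes($bytes));
}

// Shows the defect the thread complains about: reseeding with the same
// value reproduces the exact same "random" token. A CSPRNG-backed token
// has no seed an application can re-apply, so this check cannot be written
// for strong_token() at all.
function weak_token_is_deterministic($seed)
{
    mt_srand($seed);
    $first = weak_token();
    mt_srand($seed);
    $second = weak_token();
    return $first === $second;
}

// Session ID hardening for PHP 5.3 - 7.0, using the directives discussed in
// the thread: mix 32 bytes of /dev/urandom into the digest input and use a
// stronger digest than the md5 default. Removed in PHP 7.1, where ini_set()
// on these names simply returns false. Must run before session_start().
function harden_session_id_generation()
{
    if (PHP_VERSION_ID >= 70100) {
        return false; // nothing to do: 7.1+ always uses the OS CSPRNG
    }
    ini_set('session.entropy_file', '/dev/urandom');
    ini_set('session.entropy_length', '32');
    ini_set('session.hash_function', 'sha256');
    ini_set('session.hash_bits_per_character', '5');
    return true;
}

// Constructed seed value for the demonstration.
var_dump(weak_token_is_deterministic(12345));   // bool(true)
var_dump(strlen(strong_token()) === 32);        // bool(true): 16 bytes -> 32 hex chars
```

The practical check for a code review is the loop in weak_token(): any token, password, CSRF nonce or reset link built from mt_rand() or rand() output should be replaced by a CSPRNG call, and on pre-7.1 PHP the session.entropy_* directives should be verified in the running configuration rather than assumed from the documented defaults.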
