Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Jun 2015 21:04:52 +1000
From: Michael Samuel <mik@...net.net>
To: oss-security@...ts.openwall.com
Subject: Re: PostgreSQL - Predictable cancel key

Hi,

On 16 June 2015 at 20:15, Pierre Schweitzer <pierre@...ctos.org> wrote:

> Well, I've thought about it, but that's still one million seeds and
> the cancel key you're looking for might have been generated after
> several random() call. So, that means perhaps 10 millions values to
> explore? (If we make the hypothesis that for a given initialization,
> it will only draw 10 PRN)
>

This is CPU, maybe GPU territory. 2^15-2 * 10m =~ 2^38 work offline.


> How relevant would still be your cancel key once you found it?


In the postmaster mainloop:

ConnCreate()
    RandomSalt() -- the md5Salt craziness in the original post
BackendStartup()
    MyCancelKey = PostmasterRandom();

No other calls to random(), srandom() that I can see, and the other calls
to PostmasterRandom() are generating cancel keys for worker procs.

So if you brute the md5Salt you have a pretty good chance of guessing
something that was/is/will be a cancel key of another session.

Regards,
  Michael

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.