Date: Tue, 18 Nov 2014 11:22:45 +1100
From: Joshua Rogers <oss@...ernot.info>
To: oss-security@...ts.openwall.com
Subject: Re: Wordpress WP-DB-Backup v2.2.4 Plugin Remote Database Backup Download Vulnerability

On 18/11/14 10:30, Larry W. Cashdollar wrote:
> Turns out Matthew Bryant had already covered everything I had but a few months ago here:
>
> http://thehackerblog.com/auditing-wp-db-backup-wordpress-plugin-why-using-the-database-password-for-entropy-is-a-bad-idea/

On that blog..

> So we have to bruteforce these five hexadecimal digits – what's the
> math on that? Since our keyspace is any hex character and we have a
> total of five digits we have 16^5 possibilities or 1,048,576
> permutations.

Using birthday problem maths..

1048576! / ((1048576-1205)! * 1048576^1205) = 0.500538915
1 - 0.500538915 = .499461085

aka. after 1,205 attempts, you'd have a 50% chance of hitting the correct location..

Just something to consider.

--
-- Joshua Rogers <https://internot.info/>
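The figures quoted in the message, recomputed as an added example that is not part of the original thread: the factorial ratio N! / ((N-n)! * N^n) is evaluated as a running product of (1 - i/N) so no million-digit factorials are needed, and the keyspace is built from the five hex digits described above.

```python
# Added example (not from the original thread): evaluate the birthday-problem
# expression from the message without computing enormous factorials.

def keyspace_size(alphabet_size: int, length: int) -> int:
    """Number of distinct strings of `length` symbols over an alphabet.

    For the five hexadecimal digits discussed above: 16**5 == 1_048_576.
    """
    return alphabet_size ** length


def p_all_distinct(space: int, draws: int) -> float:
    """Probability that `draws` uniform picks from `space` values are all distinct.

    This equals space! / ((space - draws)! * space**draws); multiplying the
    factors (1 - i/space) one at a time keeps everything in float range.
    """
    if draws > space:
        return 0.0  # pigeonhole: some value must repeat
    p = 1.0
    for i in range(draws):
        p *= 1.0 - i / space
    return p


def p_some_collision(space: int, draws: int) -> float:
    """Complement of p_all_distinct: the 1 - 0.5005... figure in the message."""
    return 1.0 - p_all_distinct(space, draws)


if __name__ == "__main__":
    n = keyspace_size(16, 5)
    print(f"keyspace: {n}")                                   # 1048576
    print(f"P(all distinct, 1205 draws): {p_all_distinct(n, 1205):.9f}")
    print(f"P(some collision, 1205 draws): {p_some_collision(n, 1205):.9f}")
```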