oss-sec mailing list archives
Re: Randomness Attacks Against PHP Applications
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 17 Sep 2012 19:22:03 -0600
On 09/17/2012 10:58 AM, Raphael Geissert wrote:
> On Monday 17 September 2012 10:36:46 Josh Bressers wrote:
> > On Wed, Aug 22, 2012 at 02:31:07PM +0400, Solar Designer wrote:
> > > Maybe these PoCs will help convince someone.
>
> Just a note regarding the sessionid case: IIRC since 5.4
> session.entropy_length is set to, erm, 32 (bytes.) Basically it appends
> N bytes from /dev/urandom to the other input for the digest and then it
> is computed.
> (why 32 bytes, and why still use md5 by default, well...)
>
> > I'm skeptical they will. I've been doing a lot of work for the past
> > year on various proactive security efforts. I keep coming back to two
> > basic things.
> [...]
> > Has anyone tried to talk to them about this further to see if the
> > issue is they don't understand, or are they being stubborn?
>
> I think the main problem is education. For instance, there is no word
> about mt_rand not being suitable for cryptographic purposes (much less
> what that means.)

Agreed. One example of a similar problem with good images displaying the issue clearly: http://lcamtuf.coredump.cx/newtcp/

> Sure, searching for "crypt" in the page shows a few comments saying that
> it isn't suitable, but:
> a) there are far more "encryption functions", "random password
>    generators", and similar stuff in the comments than those that do
>    mention its weaknesses.
> b) the official documentation itself doesn't say a word.
>
> It should say it loud and clear. Comments should also be moderated. Many
> examples available as comments in the documentation are incorrect.
>
> Now, pointing it out is easy, but somebody has to actually do the work.
> *That* is another issue.
>
> Cheers,

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
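
A static check for the pattern this thread describes, mt_rand and similar non-cryptographic generators used to build passwords or tokens, as an added example that is not part of the original message or of the PHP project. The functions listed beyond mt_rand, the keyword list and the sample PHP snippet are assumptions of this example.

```python
import re

# Non-CSPRNG PHP functions. mt_rand is the one named in the thread; the rest of
# this list is this example's own addition.
WEAK_CALLS = ("mt_rand", "rand", "uniqid", "lcg_value", "str_shuffle", "array_rand", "shuffle")
# Hypothetical keyword list: identifiers suggesting the value must be unguessable.
SENSITIVE = re.compile(r"pass(word|wd)?|token|secret|salt|nonce|session|key|csrf|reset|crypt", re.I)
# Lookbehind skips methods ($o->rand, C::rand), variables and names like mt_srand.
CALL = re.compile(r"(?<![\w>$:])(%s)\s*\(" % "|".join(WEAK_CALLS))
FUNC = re.compile(r"\bfunction\s+(\w+)\s*\(")

def scan_php(source):
    """Return (line_no, call, enclosing_function, level) for each weak-RNG call."""
    # Line-based heuristic, not a PHP parser: the enclosing function is the most
    # recent `function name(` seen, and `//` comments are cut without regard to strings.
    findings, current = [], None
    for no, line in enumerate(source.splitlines(), 1):
        code = line.split("//", 1)[0]
        decl = FUNC.search(code)
        if decl:
            current = decl.group(1)
        for call in CALL.finditer(code):
            context = "%s %s" % (current or "", code)
            level = "high" if SENSITIVE.search(context) else "review"
            findings.append((no, call.group(1), current, level))
    return findings

# Constructed sample input, modelled on the kind of snippet the thread describes.
SAMPLE = """<?php
function generate_password($len) {
    $chars = 'abcdefghijklmnopqrstuvwxyz0123456789';
    $out = '';
    for ($i = 0; $i < $len; $i++) {
        $out .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    return $out;
}
function pick_banner($banners) {
    return $banners[array_rand($banners)];   // cosmetic use
}
function reset_token() {
    return bin2hex(random_bytes(16));        // CSPRNG, not flagged
}
"""

if __name__ == "__main__":
    for finding in scan_php(SAMPLE):
        print(finding)
```

Findings marked "high" sit in code whose names suggest a secret is being generated; "review" findings are weak-generator calls with no such hint and need a human look.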