oss-sec mailing list archives
Re: PostgreSQL - Predictable cancel key
From: Bastian Blank <waldi () debian org>
Date: Mon, 15 Jun 2015 20:26:32 +0200
Hi Pierre On Mon, Jun 15, 2015 at 10:32:37AM +0200, Pierre Schweitzer wrote:
I had a look at glibc random implementation, they got rid of the old LCG they were using for a "nonlinear additive feedback" PRNG which uses a 31 numbers state. That means that knowing a number in the pseudo-random stream you cannot recover the whole generator state to compute the next PRN, as it was possible with a LCG.
So, basically, if I'm right (correct otherwise!) knowing your cancel key and your PID makes it really hard to know which key belongs to other PIDs. Because you still lack two pieces of information: the initial state (deduced from the knowledge of the seed) and the state of the generator when it generated your key (or perhaps knowing just one state would be enough? Anyway, it's missing).
The seed is not public, but you missed one detail: there are only one million different ones. This seed is the only input of the PRNG. With one million starting points (which is a lot less then the complete state) you can easily brute force the seed for the returned values. After you know the complete state, you can calculate possible state ranges for different PID. Bastian -- The sight of death frightens them [Earthers]. -- Kras the Klingon, "Friday's Child", stardate 3497.2
Current thread:
- PostgreSQL - Predictable cancel key Bastian Blank (Jun 13)
- Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 15)
- Re: PostgreSQL - Predictable cancel key Bastian Blank (Jun 15)
- Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 16)
- Re: PostgreSQL - Predictable cancel key Michael Samuel (Jun 16)
- Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 17)
- Re: PostgreSQL - Predictable cancel key Bastian Blank (Jun 15)
- Re: PostgreSQL - Predictable cancel key Pierre Schweitzer (Jun 15)