Vulnerability Development mailing list archives
Re: stackguard-like embedded protection
From: "Bluefish (P.Magnusson)" <11a () GMX NET>
Date: Fri, 15 Sep 2000 20:32:53 +0200
Yes, int is not a good word talking about "portable" stack protection... If int is 32bit, than it may be a compromise between performance and security. 2^32 is a quite large number: it probably saves you if the brute force is for a remote bug. To spoof a 32bit number requires a big time in the middle case.
Ah, you make this a complex issue :) Perhaps we should define the correct length to be: There is NO test such as it's resonable to break the application on any system where protective mechanism will be run, with a 50% success chance in less than half a year. But I'd wish to point to a flaws in the reasoning: - Attacker may have "unlimited" time - We may entirely be wrong about what system they will be use, perhaps they implement it on some super computer without modifying the source, we assumed "avarage" hardware only.
6 years in the middle case, that is a lot of time in an active attack
I see your reasoning, which is OK. But like in the aleged stories of former employies having setted up logic bombs, an process could be running for quite some time trying to overflow a protected application. OK, 6 years is unreasonable. But 10 tries a second is pretty low though for a magnitued of situations.
(we are not talking about cryptography, in which I take the ciphertext and try in my cluster for a long time)
Agree, we doesn't have to take into account any "strange" hardware. However, this is actually very much an application of sciences derived from cryptography. We have theories on bit-sizes which can be transformed to this problem, and if any author of a stack-protector believes he can ignore the reasons for a good prng... Then the tool becomes a obsucrity feature, not a security feature.
Anyway I agree that 64bit is a number that kills the brute force ghost. A tester larger than 64bit is paranoia (i.e. how to throw away your CPU).
I believe you are 100% right. IMHO, what we need is calculations on how much time it takes to 'bruteforce' (if it's a bad PRNG in use, remember they'll keep sending the most commonly repeated number) a really simple testapplication. Anyay, I think calculations will simply conclude that 32 bits are dangerous (but as you say, enough for some situations) and 64 will be enough by far. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: stackguard-like embedded protection, (continued)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 07)
- Re: stackguard-like embedded protection typo (Sep 07)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 08)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 07)
- Re: stackguard-like embedded protection Hiroaki Etoh (Sep 12)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Hiroaki Etoh (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 13)
- Re: stackguard-like embedded protection antirez (Sep 13)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 16)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 16)
- Re: stackguard-like embedded protection Bluefish (P.Magnusson) (Sep 17)
- Re: stackguard-like embedded protection Crispin Cowan (Sep 18)
- The much popular t0rnkit. Masial (Sep 17)
- Re: The much popular t0rnkit. Neil Sequeira (Sep 19)
- Re: stackguard-like embedded protection antirez (Sep 13)