WebApp Sec mailing list archives

Ruining Security with java.util.Random

From: "Jan P. Monsch" <jan.monsch () iplosion com>
Date: Sun, 17 Dec 2006 01:19:27 +0100

Hi

In my review practice I often have to look at Java source code which is used
to generate passwords, authentication tokens or session ids. Ever so often
this code uses the Java API class java.util.Random to generate random
numbers. It is well-established in security industry that this particular
random generator is not secure. Since I did not know what the reason is for
this perception I started to have a closer look.

During the review of the Java API source code I discovered two
vulnerabilities which cause the internal state of java.util.Random to be
partially exposed or easy guessable. Following paper "Ruining Security with
java.util.Random" demonstrates two techniques how security mechanisms based
on java.util.Random can be attacked and under certain conditions can be
broken within seconds:
http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p
df 

Using these weaknesses an attacker can synchronize into the stream of random
numbers and therefore calculate all future random numbers. For security
relevant code java.util.Random should never be used. At least the Java class
java.security.SecureRandom with the default constructor should be utilized.
This provides much better security.

If you know about other vulnerabilities in the design of java.util.Random or
you know about vulnerabilities in java.security.SecureRandom I would be
happy to hear about it.

Kind regards
Jan P. Monsch



-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even 
steal. Firewalls and SSL may be commonplace but recent studies indicate 3 
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing 
Challenges in Application Security" whitepaper, explains what to do and 
provides a guideline to improving your own application security. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------

Current thread:

Ruining Security with java.util.Random Jan P. Monsch (Dec 18)
- Re: Ruining Security with java.util.Random Amit Klein (Dec 19)