Re: Ruining Security with java.util.Random

[Amit Klein <aksecurity () gmail com>]

Jan P. Monsch wrote:
> Hi
>
> In my review practice I often have to look at Java source code which is used
> to generate passwords, authentication tokens or session ids. Ever so often
> this code uses the Java API class java.util.Random to generate random
> numbers. It is well-established in security industry that this particular
> random generator is not secure. Since I did not know what the reason is for
> this perception I started to have a closer look.
>
> During the review of the Java API source code I discovered two
> vulnerabilities which cause the internal state of java.util.Random to be
> partially exposed or easy guessable. Following paper "Ruining Security with
> java.util.Random" demonstrates two techniques how security mechanisms based
> on java.util.Random can be attacked and under certain conditions can be
> broken within seconds:
> http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p
> df 
>
>   
FYI: I discussed a particular case of reconstructing the internal PRNG 
state from output observation (the Apache JServ session ID weakness - 
which is based on the Java Random) in my "Cookie Poisoning" paper of 
2002 (http://www.cgisecurity.com/lib/CookiePoisoningByline.pdf, see the 
appendix for details).


Regards,
-Amit


-------------------------------------------------------------------------
Sponsored by: Watchfire

Today's hackers exploit web applications to expose, embarrass and even 
steal. Firewalls and SSL may be commonplace but recent studies indicate 3 
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing 
Challenges in Application Security" whitepaper, explains what to do and 
provides a guideline to improving your own application security. 
Download this whitepaper today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------