Example Sins

There are a few examples of gambling sites falling prey to weak random numbers (see the Other Resources section) and plenty of examples of nonrandom session IDs out there. But let's look briefly at some of the most ironic failings: bad randomness in crypto code itself.

The Netscape Browser

In 1996, grad students Ian Goldberg and David Wagner determined that Netscape's SSL implementation was creating random session keys by applying Message Digest 5 (MD5) to some not-very-random data, including the system time and the process ID. As a result, they could crack real sessions in less than 25 seconds on 1996 hardware. This takes less than a fraction of a second today. Oops.

Netscape invented SSL for their browser. (The first public release was the Netscape-designed Version 2.) This was an implementation problem, not a protocol flaw, but it showed that Netscape probably wasn't the right company to design a secure transport protocol. And time bore that out. For Version 3 of the protocol, they turned the job over to a professional cryptographer, who did a much better job in the grand scheme of things.
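The seeding mistake described above, as an added example that is not from the book or from Netscape's code: a simplified key derived from MD5 over time and PID, an audit that walks its entire seed space, and the hardened form. The two-field seed layout, the 15-bit PID range, and the sample values are assumptions made for illustration.

```python
import hashlib
import math
import secrets
import struct

PID_MAX = 32768  # assumption: classic 15-bit Unix PID range

def weak_session_key(unix_seconds: int, pid: int) -> bytes:
    """Simplified Netscape-style key: MD5 over time and PID only."""
    return hashlib.md5(struct.pack(">IH", unix_seconds, pid)).digest()

def strong_session_key() -> bytes:
    """Hardened form: 128 bits taken directly from the OS CSPRNG."""
    return secrets.token_bytes(16)

def effective_bits(clock_uncertainty_s: int, pid_count: int = PID_MAX) -> float:
    """Entropy of the weak key given how well the clock can be estimated."""
    return math.log2(clock_uncertainty_s * pid_count)

def audit_weak_key(key: bytes, approx_seconds: int, slack_s: int):
    """Enumerate the whole seed space; return (seconds, pid, tries) or None."""
    tries = 0
    for t in range(approx_seconds - slack_s, approx_seconds + slack_s + 1):
        for pid in range(1, PID_MAX + 1):
            tries += 1
            if weak_session_key(t, pid) == key:
                return t, pid, tries
    return None

if __name__ == "__main__":
    # Constructed sample values, not data from any real session.
    t0, pid0 = 820_454_400, 4242
    key = weak_session_key(t0, pid0)
    print("weak key bits:", round(effective_bits(5), 1))  # 5 s of clock slack
    print("audit result :", audit_weak_key(key, t0 + 1, 2))
    print("strong key   :", strong_session_key().hex())
```

The MD5 output is 128 bits long, but the key carries only as much entropy as its inputs: about 17 bits here, which is why hashing guessable data does not make it random.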

OpenSSL Problems

Really old versions of OpenSSL relied on the user to seed the PRNG, and would give only this warning: Random number generator not seeded !!! Some people just ignored it, and the program would go on its merry way. Other people would seed with a constant string, and the program would go on its merry way.

Then, once /dev/random became popular, they started seeding their PRNG with it (instead of using /dev/urandom). At the time, FreeBSD-Alpha didn't have a /dev/random, and OpenSSL would just silently go about its merry way when it couldn't find one of these devices (see CVE CAN-200-0535).

Then, it turned out that Netscape's ad hoc PRNG was broken (meaning that, under certain conditions, an attacker could figure out the state of the generator, and predict arbitrary numbers). This happened even though they used a popular cryptographic function as a basis (see CVE-2001-1141).

If these kinds of problems can occur in popular crypto APIs, imagine what can go wrong if you try to build random number generation systems on your own. A lot of work has been done on provable security for random number generators. If you absolutely need to build your own, please leverage that. We show you how to do so in the section that follows.



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
Year: 2003
Pages: 239