Spotting the Sin During Code Review

There aren't many steps here:

  • Figure out where random numbers should be used, but aren't.

  • Find places that use PRNGs.

  • For the places that use CRNGs, make sure that they're seeded properly.

When Random Numbers Should Have Been Used

Figuring out the places where random numbers should have been used, but weren't, tends to be very difficult. It requires you to understand the data in the program and, often, the libraries being used. For example, older cryptographic libraries expect you to seed a CRNG yourself. Originally, libraries would carry on happily if you didn't, and then they started complaining (or failing to run). But it was common to seed a generator with a fixed value just to shut up the library. These days, pretty much all crypto libraries go directly to the system to seed their internal generators.

We recommend at least looking for session IDs to see how they're implemented, because, while most third-party application servers now recognize and fix this problem, when people implement their own session ID management, they often get it wrong.

Finding Places that Use PRNGs

Here, we show you how to find both noncryptographic PRNGs and CRNGs that may have been seeded improperly. In general, you won't need to worry about people who choose to use the system CRNG, because you can expect that to be well seeded.

Usually, when someone uses a noncryptographic PRNG, they will use the insecure API that comes with their programming language, simply because they don't know any better. Table 18-1 lists all of these common APIs, by language.

Table 18-1: Insecure (Non-Cryptographic) PRNG APIs in Popular Languages

Language         APIs
C and C++        rand(), random(), seed(), initstate(), setstate(), drand48(), erand48(), jrand48(), lrand48(), mrand48(), nrand48(), lcong48(), and seed48()
Windows          UuidCreateSequential
C# and VB.NET    Random class
Java             Everything in java.util.Random
JavaScript       Math.random()
VBScript         Rnd
Python           Everything in the random and whrandom modules
Perl             rand() and srand()
PHP              rand(), srand(), mt_rand(), and mt_srand()

CRNGs don't often have standard APIs, unless someone is using a crypto library that exports one, and then those are usually going to be okay.

There are a few standard designs. The modern preference among cryptographers seems to be to use a block cipher (usually AES) in counter mode. The ANSI X9.17 generator is another popular design. For these, you'll generally look for uses of symmetric cryptography, and manually attempt to determine whether they're implemented correctly and seeded properly.

Determining Whether a CRNG Is Seeded Properly

If a CRNG is seeded by the system generator, there's probably no risk. But in a language like Java, where the API doesn't use the system generator, or doesn't directly use the CRNG, you may have the ability to specify a seed. In this case, people might do it, if only to speed up initialization. (This happens a fair bit in Java, where SecureRandom startup is slow; see the Java section later in this chapter.)

At the other extreme, if the seed is static, then you've got a system that is definitely broken. If the seed gets stored in a file and is updated periodically with output from the generator, then the security depends on how well the original seed was generated and how secure the seed file is.

If third-party entropy-gathering code is used, it can be tough to determine exact risk levels. (Getting into the theory behind entropy is beyond the scope of this book.) While these cases will generally be very low risk, if it's possible to use the system generator, you should recommend that.

The only cases where it shouldn't be possible are when there is a legitimate need to replay the number stream (which is very rare), and when using an operating system without such facilities (these days, usually only certain embedded systems).
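As an added example (not from the book), here is a small Python review helper that turns Table 18-1 into per-language regexes and also flags the Java SecureRandom(seed) pattern discussed above, where the caller rather than the system supplies the seed. The source snippets it scans are constructed for the example, and the seeded-CRNG rule is a heuristic that only covers Java's SecureRandom(byte[]) constructor.

```python
import re

# Regexes built from Table 18-1 (srand/srandom added for C; the table omits them).
INSECURE_PRNG_APIS = {
    "c": r"\b(?:s?rand|s?random|seed|initstate|setstate|[dejlmn]rand48|lcong48|seed48)\s*\(",
    "java": r"\bjava\.util\.Random\b|\bnew\s+Random\s*\(",
    "javascript": r"\bMath\.random\s*\(",
    "python": r"\bimport\s+(?:random|whrandom)\b|\b(?:random|whrandom)\.\w+\s*\(",
    "perl": r"\bs?rand\s*\(",
    "php": r"\b(?:mt_)?s?rand\s*\(",
    "csharp": r"\bnew\s+Random\s*\(",
}

# Heuristic: a CRNG constructed with an explicit argument was seeded by the caller,
# not by the system generator. Only Java's SecureRandom(byte[]) is covered here.
SEEDED_CRNG = {
    "java": r"\bnew\s+SecureRandom\s*\((?=\s*[^)\s])",
}


def find_prng_sins(source: str, language: str) -> list[tuple[int, str, str]]:
    """Return (line_number, finding, matched_text); finding is
    "insecure-prng" (a Table 18-1 API) or "seeded-crng" (caller-supplied seed)."""
    prng = re.compile(INSECURE_PRNG_APIS[language])
    seeded = re.compile(SEEDED_CRNG.get(language, r"(?!)"))  # (?!) never matches
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        m = prng.search(line)
        if m:
            findings.append((lineno, "insecure-prng", m.group(0)))
        m = seeded.search(line)
        if m:
            findings.append((lineno, "seeded-crng", m.group(0)))
    return findings


# Constructed review samples (not real project code).
JAVA_SAMPLE = """\
import java.util.Random;
Random r = new Random();
String sessionId = Long.toHexString(r.nextLong());
SecureRandom fast = new SecureRandom("fixed".getBytes());
SecureRandom ok = new SecureRandom();
"""

PYTHON_SAMPLE = """\
import random, secrets
token = "".join(random.choice(alphabet) for _ in range(32))
safe = secrets.token_hex(16)
"""
```

Line 1 of the Java sample is only an import, so a reviewer still has to read the matches; the tool narrows where to look, it does not judge the call site.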



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Year: 2003