Date: Tue Oct  4 18:20:37 2005
From: yboily at gmail.com (Yvan Boily)
Subject: Re: SecureW2 TLS security problem

> >    • The process ID of the current process requesting random data
> >    • The thread ID of the current thread within the process requesting random data
> >    • A 32-bit tick count since the system boot
> >    • The current local date and time
> >    • The current system time of day information consisting of the boot time, current time, time zone
> > ...
> > plus many more sources.
> >
> > I wonder if anybody has quantified the amount of entropy that could
> > realistically be extracted from the mentioned sources.
>
> Umm.. "not much". ;)
>
> For instance, note that there's "32 bit tick count" and "current time".  Wandering
> over to Netcraft will give you the uptime - and how many times do they fold
> "current time" in there? Each additional one adds exactly zero entropy.  Similarly,
> you get 4.5 bits of entropy *MAX* from 'time zone' - and if you can guess where
> the box is down to the continent, you're down to 2-3 tops, and possibly exactly 0
> if you know the city....
>
> Similarly, if "process ID" and "thread ID" are sequentially allocated integers,
> there's probably only 3-4 bits of entropy in the process ID (since at each reboot,
> everything starts in the same order each time)

The default random number generator provided with Windows XP, 2003,
and Longhorn is RtlGenRandom(PVOID,ULONG); this is an undocumented API
that is called by CryptGenRandom(HCRYPTPROV, DWORD, BYTE*).

It uses significantly better sources of entropy than clock information
and process & thread ids.

From Michael Howard's blog
----------------------------------
http://blogs.msdn.com/michael_howard/archive/2005/01/14/353379.aspx

There's a full explanation (including diagrams) in Writing Secure Code
2nd, so if you can lay your hand on a copy, take a look.


The RNG generates as specified in FIPS 186-2 appendix 3.1 with SHA-1
as the G function, with entropy from:

The current process ID (GetCurrentProcessID).

The current thread ID (GetCurrentThreadID).

The ticks since boot (GetTickCount).

The current time (GetLocalTime).

Various high-precision performance counters (QueryPerformanceCounter).

An MD4 hash of the user's environment block, which includes username,
computer name, and search path. MD4 is a hashing algorithm that
creates a 128-bit message digest from input data to verify data
integrity.

High-precision internal CPU counters, such as RDTSC, RDMSR, RDPMC.

Low-level system information: Idle Process Time, Io Read Transfer
Count, I/O Write Transfer Count, I/O Other Transfer Count, I/O Read
Operation Count, I/O Write Operation Count, I/O Other Operation Count,
Available Pages, Committed Pages, Commit Limit, Peak Commitment, Page
Fault Count, Copy On Write Count, Transition Count, Cache Transition
Count, Demand Zero Count, Page Read Count, Page Read I/O Count, Cache
Read Count, Cache I/O Count, Dirty Pages Write Count, Dirty Write I/O
Count, Mapped Pages Write Count, Mapped Write I/O Count, Paged Pool
Pages, Non Paged Pool Pages, Paged Pool Allocated space, Paged Pool
Free space, Non Paged Pool Allocated space, Non Paged Pool Free space,
Free System page table entry, Resident System Code Page, Total System
Driver Pages, Total System Code Pages, Non Paged Pool Lookaside Hits,
Paged Pool Lookaside Hits, Available Paged Pool Pages, Resident System
Cache Page, Resident Paged Pool Page, Resident System Driver Page,
Cache manager Fast Read with No Wait, Cache manager Fast Read with
Wait, Cache manager Fast Read Resource Missed, Cache manager Fast Read
Not Possible, Cache manager Fast Memory Descriptor List Read with No
Wait, Cache manager Fast Memory Descriptor List Read with Wait, Cache
manager Fast Memory Descriptor List Read Resource Missed, Cache
manager Fast Memory Descriptor List Read Not Possible, Cache manager
Map Data with No Wait, Cache manager Map Data with Wait, Cache manager
Map Data with No Wait Miss, Cache manager Map Data Wait Miss, Cache
manager Pin-Mapped Data Count, Cache manager Pin-Read with No Wait,
Cache manager Pin Read with Wait, Cache manager Pin-Read with No Wait
Miss, Cache manager Pin-Read Wait Miss, Cache manager Copy-Read with
No Wait, Cache manager Copy-Read with Wait, Cache manager Copy-Read
with No Wait Miss, Cache manager Copy-Read with Wait Miss, Cache
manager Memory Descriptor List Read with No Wait, Cache manager Memory
Descriptor List Read with Wait, Cache manager Memory Descriptor List
Read with No Wait Miss, Cache manager Memory Descriptor List Read with
Wait Miss, Cache manager Read Ahead IOs, Cache manager Lazy-Write IOs,
Cache manager Lazy-Write Pages, Cache manager Data Flushes, Cache
manager Data Pages, Context Switches, First Level Translation buffer
Fills, Second Level Translation buffer Fills, and System Calls.

System exception information consisting of Alignment Fix up Count,
Exception Dispatch Count, Floating Emulation Count, and Byte Word
Emulation Count.

System lookaside information consisting of Current Depth, Maximum
Depth, Total Allocates, Allocate Misses, Total Frees, Free Misses,
Type, Tag, and Size.

System interrupt information consisting of context switches, deferred
procedure call count, deferred procedure call rate, time increment,
deferred procedure call bypass count, and asynchronous procedure call
bypass count.

System process information consisting of Next Entry Offset, Number Of
Threads, Create Time, User Time, Kernel Time, Image Name, Base
Priority, Unique Process ID, Inherited from Unique Process ID, Handle
Count, Session ID, Page Directory Base, Peak Virtual Size, Virtual
Size, Page Fault Count, Peak Working Set Size, Working Set Size, Quota
Peak Paged Pool Usage, Quota Paged Pool Usage, Quota Peak Non Paged
Pool Usage, Quota Non Paged Pool Usage, Page file Usage, Peak Page
file Usage, Private Page Count, Read Operation Count, Write Operation
Count, Other Operation Count, Read Transfer Count, Write Transfer
Count, and Other Transfer Count.
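The construction Howard's post names, FIPS 186-2 Appendix 3.1 with SHA-1 as the G function, written out as an added example so the two points of this thread can be checked together: the generator's 160-bit output says nothing about how much entropy went into the seed. This is not Microsoft's RtlGenRandom/CryptGenRandom code; it follows the public FIPS 186-2 text (Appendix 3.1 in its general-purpose form, G from Appendix 3.3), assumes the smallest allowed seed size b = 160, and all names are mine.

```python
import struct

SHA1_IV = (0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0)
B = 160                      # seed length b in bits; FIPS 186-2 allows 160..512
MASK = 0xFFFFFFFF

def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK

def sha1_compress(state, block):
    """One SHA-1 compression (FIPS 180-1) of a 64-byte block into a 5-word state."""
    w = list(struct.unpack(">16I", block))
    for i in range(16, 80):
        w.append(_rotl(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1))
    a, b, c, d, e = state
    for i in range(80):
        if i < 20:   f, k = (b & c) | (~b & d), 0x5A827999
        elif i < 40: f, k = b ^ c ^ d, 0x6ED9EBA1
        elif i < 60: f, k = (b & c) | (b & d) | (c & d), 0x8F1BBCDC
        else:        f, k = b ^ c ^ d, 0xCA62C1D6
        a, b, c, d, e = (_rotl(a, 5) + f + e + k + w[i]) & MASK, a, _rotl(b, 30), c, d
    return [(s + v) & MASK for s, v in zip(state, (a, b, c, d, e))]

def G(c):
    """FIPS 186-2 Appendix 3.3: G(t, c) is one SHA-1 compression of c zero-padded
    to 512 bits, starting from the SHA-1 IV t; no length padding, unlike full SHA-1."""
    block = c.to_bytes(B // 8, "big").ljust(64, b"\x00")
    return int.from_bytes(struct.pack(">5I", *sha1_compress(SHA1_IV, block)), "big")

class Fips186Prng:
    """Appendix 3.1, general-purpose form (no 'mod q'): XKEY is the secret state,
    XSEED_j is optional per-call input such as freshly gathered entropy."""
    def __init__(self, seed):
        self.xkey = int.from_bytes(seed, "big") % (1 << B)

    def next(self, xseed=0):
        xval = (self.xkey + xseed) % (1 << B)
        x = G(xval)
        self.xkey = (1 + self.xkey + x) % (1 << B)   # state update
        return x                                        # 160-bit output

def outputs_for_seed_space(seed_bits):
    """Enumerate every seed a source worth seed_bits bits can supply and collect the
    first output of each: the 160-bit output hides no more than 2**seed_bits states."""
    return {Fips186Prng(s.to_bytes(B // 8, "big")).next() for s in range(1 << seed_bits)}
```

outputs_for_seed_space(4) returns exactly sixteen values: a seed source worth four bits, like the sequentially allocated process ID in the quoted message, leaves sixteen possible generator states however many zero-entropy inputs are folded in beside it.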
