lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <45C80C7B.4060204@gmail.com>
Date: Tue, 06 Feb 2007 07:04:59 +0200
From: Amit Klein <aksecurity@...il.com>
To: Michal Zalewski <lcamtuf@...ne.ids.pl>
Cc: NGSSoftware Insight Security Research <nisr@...software.com>,
	bugtraq@...urityfocus.com
Subject: Re: Jetty Session ID Prediction

Michal Zalewski wrote:
> On Mon, 5 Feb 2007, NGSSoftware Insight Security Research wrote:
>
>   
>> Jetty generates a 64-bit session id by generating two 32-bit numbers in
>> this way, so we end up with an encoded 64-bit integer. By decoding the
>> integer and splitting it into its two component 32-bit integers, we can
>> easily brute-force the generator's internal state.
>>     
>
> Why on earth would you want to brute-force it?
>
> http://www.springerlink.com/content/9jkp3179mj6fwh6m/s
> http://dsns.csie.nctu.edu.tw/research/crypto/HTML/PDF/C89/138.PDF
>
>   

I don't think that the method described in the paper you referenced 
above is applicable as-is, because the method requires that the state of 
the PRNG is known (the coefficients aren't), while in our situation, the 
coefficients are known, but the state isn't known in fullness (only 32 
bits out of the 48 are known).

-Amit

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ