[prev in list] [next in list] [prev in thread] [next in thread]
List: webappsec
Subject: Re: Ruining Security with java.util.Random
From: Amit Klein <aksecurity () gmail ! com>
Date: 2006-12-19 6:21:08
Message-ID: 458784D4.6060309 () gmail ! com
[Download RAW message or body]
Jan P. Monsch wrote:
> Hi
>
> In my review practice I often have to look at Java source code which is used
> to generate passwords, authentication tokens or session ids. Ever so often
> this code uses the Java API class java.util.Random to generate random
> numbers. It is well-established in security industry that this particular
> random generator is not secure. Since I did not know what the reason is for
> this perception I started to have a closer look.
>
> During the review of the Java API source code I discovered two
> vulnerabilities which cause the internal state of java.util.Random to be
> partially exposed or easy guessable. Following paper "Ruining Security with
> java.util.Random" demonstrates two techniques how security mechanisms based
> on java.util.Random can be attacked and under certain conditions can be
> broken within seconds:
> http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p
> df
>
>
FYI: I discussed a particular case of reconstructing the internal PRNG
state from output observation (the Apache JServ session ID weakness -
which is based on the Java Random) in my "Cookie Poisoning" paper of
2002 (http://www.cgisecurity.com/lib/CookiePoisoningByline.pdf, see the
appendix for details).
Regards,
-Amit
-------------------------------------------------------------------------
Sponsored by: Watchfire
Today's hackers exploit web applications to expose, embarrass and even
steal. Firewalls and SSL may be commonplace but recent studies indicate 3
out of 4 websites remain vulnerable to attack. Watchfire's "Addressing
Challenges in Application Security" whitepaper, explains what to do and
provides a guideline to improving your own application security.
Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008YTU
--------------------------------------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic