URL for Yarrow PRNG

From: Josh Daymont (joshdat_private)
Date: Thu Jan 10 2002 - 15:23:57 PST

    Ryan,
    
    My apologies, today has been rather hectic and I forgot to include a URL
    for the Yarrow PRNG.  You can find all the information you'll need at:
    
    http://www.counterpane.com/yarrow.html
    
    -Josh Daymont
    
    
    On Thu, 10 Jan 2002, Josh Daymont wrote:
    
    >
    > The rand(3) function on nearly any commercial OS will be easily guessable
    > by an attacker.  Ditto for the remote IP and almost any other "static
    > machine state" derived information.  Hopefully you aren't relying on these
    > kinds of session IDs to protect anything that holds client information,
    > trade secrets and/or credit cards.
    >
    > I'd recommend that you look into something along the lines of Yarrow.
    >
    >
    > explanation of the security of the rand(3) call:
    >
    > For most operating systems, the rand(3) libcall is implemented using a
    > linear congruential generator (LCG).  These kinds of functions are easily
    > broken by an attacker after getting only two known consecutive outputs.
    > Breaking such a function doesn't involve any advanced math and can be
    > easily understood by anyone who knows basic modular arithmetic and high
    > school algebra.
    >
    > Some newer Linux distributions use an additive generator based on the
    > random(3) call.  This implementation is slightly more secure than the
    > linear congruential generators but is still easily broken in under 100
    > known consecutive outputs, making it unusable for generating secure PRNs.
    > The math involved in breaking this kind of a generator is even simpler
    > than for an LCG.
    >
    > Moral of the story:  just because a random number generator advertises
    > itself as "more random" or "more secure" than a known insecure PRNG
    > doesn't mean that it provides an adequate level of security.
    >
    > -Josh Daymont
    >
    > On Thu, 10 Jan 2002, Ryan M Harris wrote:
    >
    > > What is the most secure way of generating a session number?
    > >
    > > I have used the following formula in the past.  Is it secure (from a
    > > randomness perspective)?  Any way to make it more secure/random?
    > >
    > > sessionid = md5( <REMOTE_IP> + <REMOTE_USER_AGENT> + rand() (5 bytes from
    > > here) + microtime() )
    > >
    > > Ryan M Harris
    > >
    > >
    >
    >
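The LCG break Josh describes, worked through as an added example (this is not code from the original thread or from any of the rand(3) implementations it mentions). The generator parameters below are the classic ANSI C style constants, assumed here as the target; the recovery itself works for any LCG whose modulus is known. It goes one step beyond the text: rather than only predicting the next value from a known generator, it recovers the unknown multiplier and increment from three consecutive full-state outputs and then predicts everything that follows. The seed is a constructed value for the demonstration.

```python
# Added example (not from the original post): recovering the multiplier and
# increment of a linear congruential generator from three consecutive
# full-state outputs, then predicting every later output.

# Parameters of the classic ANSI C style rand(3) LCG. Assumption: the
# generator under attack has this shape and its modulus m is known.
M = 2**31
A = 1103515245
C = 12345


def lcg_stream(seed, n, a=A, c=C, m=M):
    """Return n consecutive full-state outputs of x_{i+1} = (a*x_i + c) mod m."""
    out, x = [], seed
    for _ in range(n):
        x = (a * x + c) % m
        out.append(x)
    return out


def recover_lcg(x0, x1, x2, m=M):
    """Recover (a, c) from three consecutive outputs when m is known.

    From x1 = a*x0 + c and x2 = a*x1 + c (mod m) it follows that
    x2 - x1 = a*(x1 - x0) (mod m), so a is one modular division and
    c then falls out of the first equation. Only modular arithmetic.
    """
    d = (x1 - x0) % m
    try:
        a = ((x2 - x1) * pow(d, -1, m)) % m   # needs gcd(d, m) == 1
    except ValueError:
        # For m = 2^31 this happens only when the difference is even;
        # with an odd increment c it never does, but handle it anyway.
        raise ValueError("x1 - x0 is not invertible mod m; take another sample")
    c = (x1 - a * x0) % m
    return a, c


def predict_next(last_output, n, a, c, m=M):
    """Continue the sequence for n more steps from the last observed output."""
    return lcg_stream(last_output, n, a, c, m)


def attack_demo(seed=0x1234ABCD):
    """Observe three outputs, recover the generator, predict the next three.

    Returns (recovered_a, recovered_c, predicted, actual) so the caller can
    compare the attacker's prediction against what the generator really emits.
    """
    observed = lcg_stream(seed, 6)              # attacker sees observed[:3]
    a, c = recover_lcg(*observed[:3])
    predicted = predict_next(observed[2], 3, a, c)
    return a, c, predicted, observed[3:]


if __name__ == "__main__":
    a, c, predicted, actual = attack_demo()
    print("recovered a =", a, "c =", c)
    print("predicted  :", predicted)
    print("actual     :", actual)
```

Two caveats for anyone trying this against a real rand(3): the formula assumes the caller sees the full internal state, so a generator that returns only the top bits of x (as several libc implementations do) needs the lattice-style variants of this attack rather than a single division; and the defence is not a different arithmetic generator but a cryptographic PRNG seeded from the operating system, which is the point of the Yarrow recommendation above.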
    



    This archive was generated by hypermail 2b30 : Fri Jan 11 2002 - 12:51:40 PST