On Fri, 11 Jan 2002 13:22:42 PST, Michael Wojcik <Michael.Wojcikat_private> said:

> > From: Josh Daymont [mailto:joshdat_private]
> >
> > The rand(3) function on nearly any commercial OS will be easily
> > guessable by an attacker. ...
> >
> > For most operating systems, the rand(3) libcall is implemented
> > using a linear congruential generator (LCG). These kinds of
> > functions are easily broken by an attacker after getting only two
> > known consecutive outputs.
>
> Which, in this case, the attacker would have to extract from the preimage of
> the digest. If the attacker can get that, Ryan has other problems.

Dictionary attack. If you're using a bad RNG that only has 65K different
states, you can just do 65K MD5 hashes, and see which one matches the hash
you got. At that point, you know the internal state of the RNG, and the
game is over....

-- 
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
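The point Valdis makes, worked through as an added audit script that is not part of the original thread: a token that is just the MD5 of an RNG output is only as strong as the RNG's state space, so with 2^16 (65K) possible states a defender can confirm in a few milliseconds that every token is reversible by enumeration, and that knowing the recovered state also gives the next output. The 16-bit LCG and its constants are a constructed toy, not any real libc rand(3); the contrast function shows the fix (an OS CSPRNG with a state space too large to enumerate).

```python
import hashlib
import secrets

STATE_BITS = 16                # toy RNG with only 2**16 = 65536 internal states
MODULUS = 1 << STATE_BITS


def weak_lcg(state: int) -> int:
    """One step of a constructed 16-bit linear congruential generator.

    Like a classic rand(3), its output *is* its full internal state, so
    anyone who learns one output can compute every later one.
    """
    return (25173 * state + 13849) % MODULUS


def token_from_state(state: int) -> str:
    """The flawed scheme under discussion: token = MD5(RNG output)."""
    return hashlib.md5(state.to_bytes(2, "big")).hexdigest()


def recover_state(token_hex: str):
    """Enumerate all 65536 states and hash each one (the 'dictionary attack').

    Returns (state, hashes_computed); (None, MODULUS) if nothing matched.
    """
    for guess in range(MODULUS):
        if token_from_state(guess) == token_hex:
            return guess, guess + 1
    return None, MODULUS


def audit_weak_token(seed: int) -> dict:
    """Defender's check: is a token built from this RNG recoverable, and does
    recovery also predict the next RNG output?"""
    state = weak_lcg(seed)                      # first RNG output, used for the token
    token = token_from_state(state)
    recovered, hashes = recover_state(token)
    return {
        "state_recovered": recovered == state,
        "hashes_needed": hashes,                # always <= 65536
        "next_output_predicted": recovered is not None
                                 and weak_lcg(recovered) == weak_lcg(state),
    }


def strong_token() -> str:
    """The mitigation: draw token material from the OS CSPRNG (128 bits here),
    so the candidate space is 2**128 rather than 2**16 and enumeration is
    out of reach regardless of which hash is applied afterwards."""
    return hashlib.sha256(secrets.token_bytes(16)).hexdigest()


def enumeration_feasible(state_bits: int, hashes_per_second: float = 1e7) -> float:
    """Seconds needed to hash every possible state at the given rate; a quick
    way to compare 2**16 against 2**128 in a design review."""
    return (1 << state_bits) / hashes_per_second


if __name__ == "__main__":
    print(audit_weak_token(4242))
    print("65536 states:", enumeration_feasible(16), "s")
    print("2**128 states:", enumeration_feasible(128), "s")
    print("CSPRNG-based token:", strong_token())
```

Running it shows the weak token's state recovered well within 65536 MD5 computations and the next output predicted from it, while the 128-bit candidate space of the CSPRNG-based token works out to a number of seconds far beyond any practical budget.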
This archive was generated by hypermail 2b30 : Sat Jan 12 2002 - 08:23:27 PST