| From | Robin Becker <robin@reportlab.com> |
|---|---|
| Subject | Re: How good is security via hashing |
| Date | 2011-06-07 13:27 +0100 |
| References | <mailman.2524.1307441917.9059.python-list@python.org> <4d3945c6-6c0b-45e4-9d12-f6f50c09108b@ct4g2000vbb.googlegroups.com> |
| Newsgroups | comp.lang.python |
| Message-ID | <mailman.2529.1307449692.9059.python-list@python.org> (permalink) |
On 07/06/2011 12:40, Jean-Paul Calderone wrote:
>> astcgi and the initialization is only carried out once and then say 50 rrr values are generated.
>
> How much randomness do you actually have in this scheme? The PID is probably difficult for an attacker to know, but it's allocated roughly monotonically with a known wrap-around value. The time is probably roughly known, so it also contributes less than its full bits to the randomness. Only dur is really unpredictable. So you have something somewhat above 4 bytes of randomness in your seed - perhaps 8 or 10. That's much less than even the fairly small 16 bytes of "randomness" you expose in the filename.

I'm sure you're right about the limited amount of entropy in the initial state, but how much state can be in the prng?

> The random module is entirely deterministic, so once the seed is known the value you produce is known too.
>
> Is 10 bytes enough to thwart your attackers? Hard to say, what does an attack look like?

An attacker could try to gain information from seeing others' results by guessing the filename. An attack would consist of generating a sample file via a web query, which might take 1 or 2 seconds; the sequence number could then be seen and, if the state were established, future filenames could be guessed if fastcgi is in operation. In a cgi type scheme that requires searching over the pid space, the time space and some random bits from the OS. I'm not sure such an attack is realistic given the size of the space even in the initial seed.

> If you want the full 16 bytes of unpredictability, why don't you just read 16 bytes from /dev/urandom and forget about all the other stuff?
>
> Jean-Paul

I have a vague memory that the original author felt that entropy might run out or something like that, so reading from /dev/urandom always was not a good idea. FreeBSD re-uses the entropy, but the end target is Solaris so I'm not really sure about the details of /dev/urandom.
-- Robin Becker
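The scheme the thread debates, as an added example that is not code from either poster: one `random.Random` seeded from (pid, start time, duration) and reused for many 16-byte names, the exhaustive seed-space search that such a small seed permits once a single name has been observed, and the `os.urandom` replacement Jean-Paul suggests. The pid, timestamp and search ranges are constructed for the demonstration.

```python
import math
import os
import random


class WeakNamer:
    """Filename generator as described in the thread: one PRNG seeded from
    (pid, start time, request duration), then many 16-byte names drawn from it."""

    def __init__(self, pid: int, start: int, dur_ms: int):
        # Pack the three components into one int; random.Random() seeds from it deterministically.
        self.rng = random.Random((pid << 48) | (start << 16) | dur_ms)

    def next_name(self, nbytes: int = 16) -> str:
        return self.rng.getrandbits(8 * nbytes).to_bytes(nbytes, "big").hex()


def seed_space_bits(pids: range, starts: range, durs: range) -> float:
    """Effective entropy of the seed: log2 of the number of guessable combinations."""
    return math.log2(len(pids) * len(starts) * len(durs))


def recover_namer(observed: str, pids: range, starts: range, durs: range):
    """Enumerate the seed space until a fresh WeakNamer reproduces the observed name.
    The returned namer is then in sync and reproduces every name that follows."""
    for pid in pids:
        for start in starts:
            for dur in durs:
                candidate = WeakNamer(pid, start, dur)
                if candidate.next_name() == observed:
                    return candidate
    return None


def strong_name(nbytes: int = 16) -> str:
    """Hardened form: take the 16 bytes straight from the OS CSPRNG (os.urandom,
    i.e. /dev/urandom), which does not 'run out' of entropy."""
    return os.urandom(nbytes).hex()


if __name__ == "__main__":
    # Constructed ranges: 100 pids, a 30-second window, durations of 0-19 ms.
    pids, starts, durs = range(1, 101), range(1_307_440_000, 1_307_440_030), range(0, 20)
    print(f"seed space: ~{seed_space_bits(pids, starts, durs):.1f} bits vs 128 bits shown per name")
    real = WeakNamer(pid=42, start=1_307_440_017, dur_ms=7)   # constructed process values
    first = real.next_name()                                   # the one name an observer sees
    synced = recover_namer(first, pids, starts, durs)
    print("following names reproduced:", synced.next_name() == real.next_name())
    print("os.urandom name:", strong_name())
```

The seed-space figure is the quantity Jean-Paul estimates at "8 or 10" bytes; widening the constructed ranges shows how the search cost grows with it while the 128-bit name stays irrelevant to that cost.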