URL for Yarrow PRNG

From: Josh Daymont (joshd@midgard.net)
Date: 01/11/02


Date: Thu, 10 Jan 2002 15:23:57 -0800 (PST)
From: Josh Daymont <joshd@midgard.net>
To: Ryan M Harris <rmharris@acdinc.net>


Ryan,

My apologies, today has been rather hectic and I forgot to include a URL
for the Yarrow PRNG. You can find all the information you'll need at:

http://www.counterpane.com/yarrow.html

-Josh Daymont

On Thu, 10 Jan 2002, Josh Daymont wrote:

>
> The rand(3) function on nearly any commercial OS will be easily guessable
> by an attacker. Ditto for the remote IP and almost any other "static
> machine state" derived information. Hopefully you aren't relying on these
> kinds of session Ids to protect anything that holds client information,
> trade secrets and/or credit cards.
>
> I'd recommend that you look into something along the lines of Yarrow.
>
>
> explanation of the security of the rand(3) call:
>
> For most operating systems, the rand(3) libcall is implemented using a
> linear congruential generator (LCG). These kinds of functions are easily
> broken by an attacker after getting only two known consecutive outputs.
> Breaking such a function doesn't involve any advanced math and can be
> easily understood by anyone who knows basic modular arithmetic and high
> school algebra.
>
> Some newer linux distributions use an additive generator based on the
> random(3) call. This implementation is slightly more secure than the
> linear congruential generators but is still easily broken in under 100
> known consecutive outputs, making it unusable for generating secure PRNs.
> The math involved in breaking this kind of a generator is even simpler
> than for a LCG.
>
> Moral of the story: just because a random number generator advertises
> itself as "more random" or "more secure" than a known insecure PRNG
> doesn't mean that it provides an adequate level of security.
>
> -Josh Daymont
>
> On Thu, 10 Jan 2002, Ryan M Harris wrote:
>
> > What is the most secure way of generating a session number?
> >
> > I have used the following formula in the past. Is it secure (from a
> > randomness perspective)? Any way to make it more secure/random?
> >
> > sessionid = md5( <REMOTE_IP> + <REMOTE_USER_AGENT> + rand() (5 bytes from
> > here) + microtime() )
> >
> > Ryan M Harris
> >
> >
>
>
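To illustrate the two points in the thread, an added example that is not part of the original mail: a toy LCG in the shape of the C standard's sample rand(), whose next output is recovered from a few consecutive observed outputs, beside a session ID drawn from the OS CSPRNG. Assumptions: the LCG constants and the 2**31 modulus are a constructed toy; because its output hides the low half of the state, a third sample is used to confirm the candidate, whereas the thread's "two outputs" holds for an LCG that emits its full state.

```python
import secrets

# Constructed toy LCG: multiplier and increment from the C standard's sample
# rand(), state reduced mod 2**31, output = bits 16..30 (15 bits) of the state.
A, C, M = 1103515245, 12345, 1 << 31

def lcg_step(state):
    """One step: returns (new_state, 15-bit output)."""
    state = (A * state + C) % M
    return state, (state >> 16) & 0x7FFF

def lcg_stream(seed, n):
    """n consecutive outputs, as a program calling rand() would see them."""
    out, s = [], seed % M
    for _ in range(n):
        s, r = lcg_step(s)
        out.append(r)
    return out

def recover_state(r1, r2, r3):
    """All states consistent with three consecutive outputs.
    r1 exposes bits 16..30 of the state; only the low 16 bits are hidden,
    so 65536 candidates are tried and r2, r3 filter them (usually to one).
    Returns the candidate states as they are right after r3 was produced."""
    found = []
    for low in range(1 << 16):
        s, a = lcg_step((r1 << 16) | low)
        if a != r2:
            continue
        s, b = lcg_step(s)
        if b == r3:
            found.append(s)
    return found

def predict_next(r1, r2, r3):
    """Set of possible next outputs; a single value means full prediction."""
    return {lcg_step(s)[1] for s in recover_state(r1, r2, r3)}

def secure_session_id(nbytes=16):
    """Session ID from the OS CSPRNG (secrets); prior IDs reveal nothing
    about the next one, which is the property the md5(rand()) recipe lacks."""
    return secrets.token_hex(nbytes)

if __name__ == "__main__":
    seed = secrets.randbelow(M)  # unknown to the observer
    r = lcg_stream(seed, 4)
    print("observed", r[:3], "predicted next", predict_next(*r[:3]), "actual", r[3])
    print("secure id:", secure_session_id())
```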


