While studying some security things, there was a question that one can guess the generation of some sequence for rand(timestamp) running in a webserver. He said that our first goal should be to crash the server (assuming that the server will get up in 1 min); we can sync our generator with the server, and then the rand(timestamp) generated by the webserver could be the same as our generator's.

I am confused: if we have a function rand(timestamp), would it not depend on the system timestamp or on the server "up time" stamp?

P.S.: Asking a general question; it's not dependent on whether it is in Java/PHP/ASP. Just asking how a webserver/compiler works for such code?

Maybe it's a vague question, but I would like to get clarification.

+2  A: 

The default behaviour of many implementations of rand() is to use the system time as a seed if a seed value is not supplied. Even if that is not the default behaviour, it is almost guaranteed that an application will pass the system time to srand() as a seed to randomise the sequence.

So, if you know the precise system time, you can generate the same sequence that would be produced from the remote system calling rand(). Several years ago, an online casino was attacked using this random sequence prediction technique.

The solution is two-fold: derive the seed from a non-predictable hardware source (there are commercial units for this) AND use the longest pseudo-number generator available.

There have been many questions on SO on the topic of hardware generators, for instance:

Mitch Wheat
alee
If you know exactly how many calls to rand are being made, you can reproduce it exactly; otherwise you know the sequence of rand values and can try them in turn from a certain point...
Mitch Wheat
So let's say I create a generator to generate keys; then I would be sure that there could be at least one key from this sequence of keys which will work for ? Right? So what should be the ideal solution for that? Having a database entry for a temporary key against a user - but still it's exploitable, isn't it?
alee
The solution is twofold: use the longest pseudo-number generator available, AND derive the seed from a non-predictable hardware source (there are commercial units for this). Several years ago, a casino was attacked using this random prediction technique.
Mitch Wheat
BTW, "create a generator to generate keys" - resist the urge to write your own random number algorithm at all costs. It won't be.
Mitch Wheat
Can you elaborate "non-predictable hardware source"?
alee
Would it not be a nice idea to use the "old password" as the seed to generate the key to retrieve the new password? Since the attacker would not be able to predict the old password, he would not be able to know the new key. But by this way, the key that would be generated would remain the same .. :s
alee
@alee: no, I suspect not.
Mitch Wheat
A: 

rand() returns a pseudo random number. The pseudo random number generator is typically initialized with a seed. If two instances of the pseudo random generator are initialized with the same seed, then they will produce the same sequence on successive calls to rand.

By crashing the server, you are forcing the application to initialize the pseudo random generator with the current Unix timestamp, since that is what it uses as seed. An attacker can easily guess the seed/timestamp in a few attempts (the server may use NTP, which makes it even easier).

That is why it is not a good idea to use the Unix timestamp as the seed. In any case, for cryptographic uses the random number generator that comes with a crypto library is typically used. For example, OpenSSL has RAND_bytes, which makes available cryptographically strong pseudo random bytes. On many Unix systems this pseudo random number generator is automatically seeded with bytes from /dev/urandom. See http://www.openssl.org/docs/crypto/RAND_add.html for more details.

mar
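A runnable illustration of the point both answers make, added here and not written by either poster: a token drawn from a PRNG seeded with a restart timestamp is reproduced by anyone who can guess that timestamp to within a minute (plus the handful of earlier rand() calls the comments mention), while a token from the OS CSPRNG has no seed to guess. The restart time, the 17-second offset, the three skipped calls and the use of Python's `random` as a stand-in for rand()/srand() are all constructed assumptions.

```python
import random
import secrets

# Constructed stand-in for "srand(time(NULL)); rand()" on a restarted server.
# Python's random.Random(int) is deterministic across machines, so the
# reproduction below is exact, just as the answers describe for rand().

def weak_token(seed: int, skip: int = 0) -> int:
    """Token from a PRNG seeded with a Unix timestamp (the pattern under discussion).
    `skip` models other rand() calls the application made before issuing the token."""
    rng = random.Random(seed)          # same seed -> same sequence, every time
    for _ in range(skip):
        rng.getrandbits(32)
    return rng.getrandbits(32)

def attempts_to_recover(token: int, restart_guess: int, window: int = 60, max_skip: int = 8):
    """Self-audit of the 'few attempts' claim: try every second in +/-window around
    the guessable restart time and a few call offsets. Returns (attempts, seed, skip),
    or (attempts, None, None) if the token is not reproduced inside the window."""
    attempts = 0
    for seed in range(restart_guess - window, restart_guess + window + 1):
        for skip in range(max_skip + 1):
            attempts += 1
            if weak_token(seed, skip) == token:
                return attempts, seed, skip
    return attempts, None, None

def strong_token() -> str:
    """Token from the OS CSPRNG (/dev/urandom or equivalent): nothing to sync with."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    restart = 1_700_000_000            # constructed: assumed server restart time
    token = weak_token(restart + 17, skip=3)
    print(attempts_to_recover(token, restart))   # the seed and call offset are found
    print(strong_token())
```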