From: Jan P. Monsch (jan.monsch@iplosion.com)
Date: Sat Dec 16 2006 - 19:19:27 EST
Hi
In my review practice I often have to look at Java source code which is used
to generate passwords, authentication tokens or session ids. Ever so often
this code uses the Java API class java.util.Random to generate random
numbers. It is well-established in security industry that this particular
random generator is not secure. Since I did not know what the reason is for
this perception I started to have a closer look.
During the review of the Java API source code I discovered two
vulnerabilities which cause the internal state of java.util.Random to be
partially exposed or easy guessable. Following paper "Ruining Security with
java.util.Random" demonstrates two techniques how security mechanisms based
on java.util.Random can be attacked and under certain conditions can be
broken within seconds:
http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p
df
Using these weaknesses an attacker can synchronize into the stream of random
numbers and therefore calculate all future random numbers. For security
relevant code java.util.Random should never be used. At least the Java class
java.security.SecureRandom with the default constructor should be utilized.
This provides much better security.
If you know about other vulnerabilities in the design of java.util.Random or
you know about vulnerabilities in java.security.SecureRandom I would be
happy to hear about it.
Kind regards
Jan P. Monsch
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:27 EDT