Random seed (fwd)
From: darrell () TELEPORT COM (Darrell Fuhriman)
Date: Mon, 25 Sep 1995 14:25:49 -0700
---------- Forwarded message ----------
Date: Mon, 25 Sep 1995 09:32:20 -0700
From: Taher ElGamal <elgamal () netscape com>
To: www-security () ns2 rutgers edu
Subject: Random seed
We are in the process of implementing the fix to our recently discovered
security vulnerability. The fix is largely system dependent and we want to
enlist the help of your best technical people to insure that we're doing
everything we can to fix the problem. Please forward the enclosed proposal
to the appropriate technical people inside your company as soon as possible
and urge them to respond as quickly as possible. We are moving to fix this
very quickly in our software, the next 24 hours are critical and your
feedback in that timeframe would be most appreciated. Please send all
feedback to elgamal () netscape com
Please see ftp://ftp1.netscape.com/pub/review/RNGsrc.tar.Z for the source.
Any feedback is welcome. Feel free to redistribute this message to anyone.
Enclosed is our proposal for addressing the need of finding more sources of
random information in your system's environment.
Netscape is available on Macs, Win-16 and Win-32 versions and 8 different
UNIX platforms. The exact details for each platform are quite system
specific. The basic idea is to feed a sequence of information into the MD5
hash, expecting that some of the bits for each sub-sequence would be
At program start
On all platforms:
Start with the contents of the highest resolution clock we can find on the
system. [For instance, an R4000 MIPS processor has a free-running
instruction counter. At 100 Mhz this gets incremented every 10 nano-seconds.
There are probably a good 20 bits of unguessable value there.] On Macs there
are "tick" counters that update 60 (or maybe only 16) times a second. We
then push through the time of day, because on some systems, the microsecond
part of a time_val has some bits that are only guessable. On Windows
systems, there is a 1.28MHz clock that is updated every 0.8 microsec.
For the first 100 to 500 system events, the high frequency clock is recorded
and fed into the hash function. This is done to generate enough
unpredictable bits for an out-of-the-box experience, where the customer does
not have enough unpredictability in the system info.
For UNIX we feed the following into the MD5 hash:
ps (-el or aux depending upon system)
netstat -ni & netstat -na
the user's environment. (We will certainly use this as well in the 2.0
release. The truly paranoid will be able to run whatever seed generator they
want and stick the result into their environment. How you protect your
environment from attack is up to you. ;-)
System specific info such as hardware serial number or system id. If you
have specific suggestions for any particular OS/hardware pair, please let me
Global memory status
Number of running tasks
UUIDCreate if there is an ethernet card
Clipboard owner and contents
Current process, processID and window
Free clusters on the disk
Machine location (longitude and latitude)
keyboard time threshold
last key pressed
process information for every task on the system
scrap sizes and counts
And then on all platforms
The stat (file access, creation, modify times, size, inode equivalent) and
contents of a number of "interesting" files. [Where is the PGP random number
state file stored?]
A portion of the contents of the screen.
And finally, the contents of the highest resolution clock we can find.
Each time the client goes idle
Reinitialize the seed with the most recent user event (probably a button
or key down) along with the mouse position, and relatively high
Taher Elgamal elgamal () netscape com
Netscape Comm Corp., 501 E Middlefield Road, Mountain View Ca 94043.
(415) 528 2898 (Tel), (415) 528 4122 (Fax)
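The start-up and idle-time seeding sequence the proposal describes, as an added Python example that is not Netscape's RNGsrc code: every source is fed into one running MD5 state and the digest is the seed. The event tick values and file list passed in are constructed stand-ins, and the clipboard, screen and platform-specific sources are left out.

```python
import hashlib
import os
import time
from typing import Iterable, Tuple

class SeedPool:
    """Accumulates byte strings from many sources into one running MD5 state."""
    def __init__(self) -> None:
        self._h = hashlib.md5()
        self.sources = 0  # number of sub-sequences fed, useful for auditing
    def feed(self, label: str, data: bytes) -> None:
        # Label and length-prefix each item so adjacent sources cannot be confused
        self._h.update(label.encode())
        self._h.update(len(data).to_bytes(4, "big"))
        self._h.update(data)
        self.sources += 1
    def digest(self) -> bytes:
        return self._h.digest()  # 16 bytes of seed material

def startup_seed(event_ticks: Iterable[int], files: Iterable[str]) -> bytes:
    """Program-start sequence: high-res clock, time of day, timings of the
    first N events, user environment, pid, stat of files, clock again."""
    pool = SeedPool()
    pool.feed("hrclock", time.perf_counter_ns().to_bytes(8, "big"))
    pool.feed("tod", time.time_ns().to_bytes(8, "big"))
    for tick in event_ticks:  # constructed stand-in for the clock at each early event
        pool.feed("event", tick.to_bytes(8, "big"))
    for k, v in sorted(os.environ.items()):  # the user's environment
        pool.feed("env", f"{k}={v}".encode())
    pool.feed("pid", os.getpid().to_bytes(4, "big"))
    for path in files:  # stat of "interesting" files; a missing file adds nothing
        try:
            st = os.stat(path)
        except OSError:
            continue
        pool.feed("stat", f"{path}:{st.st_mtime_ns}:{st.st_size}:{st.st_ino}".encode())
    pool.feed("hrclock2", time.perf_counter_ns().to_bytes(8, "big"))
    return pool.digest()

def idle_reseed(prev: bytes, event: bytes, mouse_xy: Tuple[int, int], tick: int) -> bytes:
    """Idle-time reseed: chain the previous seed with the most recent user
    event, the mouse position and the high-resolution clock value."""
    pool = SeedPool()
    pool.feed("prev", prev)
    pool.feed("event", event)
    pool.feed("mouse", f"{mouse_xy[0]},{mouse_xy[1]}".encode())
    pool.feed("hrclock", tick.to_bytes(8, "big"))
    return pool.digest()
```

The seed is only as unpredictable as the least guessable sources fed in; the length-prefixing keeps two different source sequences from collapsing into the same hash input.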