Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: bind() Security Problems
From: baba () beckman uiuc edu (Baba Z Buehler)
Date: Mon, 5 Feb 1996 10:27:17 -0600


General Scirocco <sciri () newhackcity net> writes:

        Cracking the MIT-MAGIC-COOKIE-1 authorization protocol.

1) Auth-data is generated from 16 successive random numbers.
   MIT-MAGIC-COOKIE-1 can use 2 different methods of seeding the random
   number generator:

        a) Using the process ID of xdm client & time of day in seconds
        b) Using the time of day in seconds & time of day in microseconds
           (that connection was established).

I believe that xdm is what is generating the cookies in these ways... this is
why my login scripts make my cookies...


 randomkey=$( (ps -aewl;netstat -i;netstat -t;date) | md5 );
 xauth add $(hostname)/unix:0 . $randomkey
 xauth add $(hostname):0 . $randomkey
 unset randomkey


While generating more secure cookies, this still doesn't prevent sniffing and
hijacking.

b
--
# Baba Z Buehler - 'Hackito Ergo Sum'
# Beckman Institute Systems Services, Urbana Illinois
#
#  "I only use my gun when kindness fails"
#                                -- Robert Earl Keen, Jr.
#
# PGP public key on WWW homepage and key servers (key id: C13D8EE1)
# WWW: http://www.beckman.uiuc.edu/~baba/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]