Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: SNI-12: BIND Vulnerabilities and Solutions
From: daw () CS BERKELEY EDU (David Wagner)
Date: Wed, 23 Apr 1997 00:52:49 -0700


In article <199704230609.AAA19514 () cvs openbsd org>,
Theo de Raadt  <deraadt () CVS OPENBSD ORG> wrote:
It attempts to make the query ID unpredictable, but fails -- the "random"
numbers it generates are still predictable (after a trivial 2^16 offline
trials).

Did you include all the details included in res_random.c such as the
code which causes the entire system is reset with whole new seeds
after a fixed period of time (300 seconds is it)?  You can predict a
sequence and feed it the next few numbers before the generator reseeds
itself?

Sure.  Any real attack would be automated.  300 seconds is an eternity,
in computer time.  The 2^16 trials for prediction is easily doable in a
fraction of a second.

And the seeding is terrible -- two years ago Netscape used
timeofday and pid to seed their PRNG, too, and look what happened to them.

Hey, I make no apologies for operating systems that ship without a
source of strong(ish) random numbers in their libc!

If Netscape had used that excuse, they'd have been crucified.

Let's not get into the blame game.  My concern is that the patch, as
provided, won't fix the predictable-query-ID hole on most systems, and
folks need to know this.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]