[New-bugs-announce] [issue16184] Attack against the pseudorandom number generator

Yury report at bugs.python.org
Wed Oct 10 13:18:48 CEST 2012


New submission from Yury:

---[Vulnerability description]

Positive Research experts have detected a vulnerability "Predictable pseudorandom numbers in Python" caused by random.random() output in Python.

By default, Mersenne Twister initialization is done during random module import and then after 312 random.random() calls, which allows attackers to predict random number 313 with 2^8 accuracy based on random numbers 1, 2, 199, 200, 511 and 625.

---[Solution]

We recommend that you initialize random.seed() after every 312 calls, which guarantees enough entropy of the Mersenne Twister element states.

---[Credits]

Vulnerability was detected by Timur Yunusov, Positive Research Center (Positive Technologies Company)

---

1. In spite of the fact that MT states are initialized correctly, there is a practical method to exploit the vulnerability because of Python web framework peculiarities.
2. The probability that a random number is among the described 256 variants is 12.5% because there are two methods to round off numbers to a certain accuracy. This provides 8 possible variants of existing state_1[2], state_1[397], state_2[397].
You can find the code necessary to demonstrate the vulnerability (vuln.py) and exploit it (brute.py) attached.

----------
components: None
files: POC.zip
messages: 172566
nosy: ymaryshev
priority: normal
severity: normal
status: open
title: Attack against the pseudorandom number generator
type: security
versions: Python 3.3
Added file: http://bugs.python.org/file27514/POC.zip

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue16184>
_______________________________________
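
Added example, not part of the report or its attached POC.zip: it shows where the figure 312 comes from in CPython (each random.random() call consumes two 32-bit Mersenne Twister outputs out of a 624-word state, so the float stream is a deterministic function of that state) and generates a security token from the OS CSPRNG through `secrets` instead. All function names are illustrative assumptions.

```python
import random
import secrets

N_WORDS = 624  # 32-bit words in the Mersenne Twister state


def float_from_words(a32, b32):
    """Rebuild a random.random() result from the two 32-bit outputs it consumes."""
    a, b = a32 >> 5, b32 >> 6                       # 27 + 26 = 53 bits kept
    return (a * 67108864 + b) / 9007199254740992    # 2**26 and 2**53


def random_matches_two_words(seed, count=1000):
    """True if every random() equals the float built from two getrandbits(32)."""
    floats, words = random.Random(seed), random.Random(seed)
    for _ in range(count):
        first = words.getrandbits(32)
        second = words.getrandbits(32)
        if floats.random() != float_from_words(first, second):
            return False
    return True


def calls_per_state_block(seed):
    """Count random() calls served by one 624-word state before it is regenerated."""
    rng = random.Random(seed)
    rng.random()                                    # first call fills the first block
    block = rng.getstate()[1][:N_WORDS]
    calls = 1
    while rng.getstate()[1][:N_WORDS] == block:
        rng.random()
        calls += 1
    return calls - 1                                # last call belonged to the next block


def new_session_token():
    """Security-sensitive value: taken from the OS CSPRNG, not from the random module."""
    return secrets.token_urlsafe(32)


if __name__ == "__main__":
    seed = 16184                                    # constructed sample seed
    print("random() == f(two 32-bit words):", random_matches_two_words(seed))
    print("random() calls per state block:", calls_per_state_block(seed))
    print("CSPRNG token:", new_session_token())
```
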

