How good is security via hashing

Robin Becker robin at reportlab.com
Tue Jun 7 08:27:59 EDT 2011


On 07/06/2011 12:40, Jean-Paul Calderone wrote:
>> astcgi and the
>> initialization is only carried out once and then say 50 rrr values are generated.
>
> How much randomness do you actually have in this scheme?  The PID is
> probably difficult
> for an attacker to know, but it's allocated roughly monotonically with
> a known
> wrap-around value.  The time is probably roughly known, so it also
> contributes less
> than its full bits to the randomness.  Only dur is really
> unpredictable.  So you have
> something somewhat above 4 bytes of randomness in your seed - perhaps
> 8 or 10.  That's
> much less than even the fairly small 16 bytes of "randomness" you
> expose in the
> filename.

I'm sure you're right about the limited amount of entropy in the initial state, 
but how much state can be in the prng?

>
> The random module is entirely deterministic, so once the seed is known
> the value you
> produce is known too.
>
> Is 10 bytes enough to thwart your attackers?  Hard to say, what does
> an attack look like?
An attacker could try to gain information from seeing others' results by 
guessing the filename.

An attack would consist of generating a sample file via a web query, which might 
take 1 or 2 seconds; the sequence number could then be seen and, if the state were 
established, future filenames could be guessed if fastcgi is in operation.

In a cgi-type scheme, that requires searching over the pid space, the time space 
and some random bits from the OS.

I'm not sure such an attack is realistic given the size of the space even in the 
initial seed.

>
> If you want the full 16 bytes of unpredictability, why don't you just
> read 16 bytes from
> /dev/urandom and forget about all the other stuff?
>
> Jean-Paul
I have a vague memory that the original author felt that entropy might run out 
or something like that, so always reading from /dev/urandom was not a good idea.

FreeBSD re-uses the entropy, but the end target is Solaris so I'm not really 
sure about the details of /dev/urandom.
-- 
Robin Becker
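The following is an added example, not code from either poster, that puts numbers on the two points in the exchange: a PRNG seeded from (pid, time, dur) can only be as unpredictable as the number of distinct seed triples, and because random.Random is deterministic the same triple always yields the same filename; reading the bytes from the OS CSPRNG removes the seed entirely. The ranges passed to seed_entropy_bits are constructed assumptions for illustration, not measurements of any system.

```python
"""Seed-space arithmetic for a PRNG seeded from (pid, time, dur).

Added example for the discussion above; not code from the thread.
All numeric ranges used here are constructed assumptions.
"""
import math
import random
import secrets


def seed_entropy_bits(pid_values: int, time_values: int, dur_values: int) -> float:
    """Upper bound on seed entropy in bits: log2 of the number of distinct
    (pid, time, dur) triples. Real entropy is lower, since pids are
    allocated roughly monotonically and the time is roughly known."""
    return math.log2(pid_values * time_values * dur_values)


def weak_token(pid: int, t: int, dur: int, n_bytes: int = 16) -> str:
    """Token built the way the thread describes: seed random.Random from a
    few process fields, then draw bytes. Deterministic by design of the
    random module: the same inputs always give the same token."""
    # Pack the three fields into one int seed (assumed packing, for illustration).
    seed = (pid << 48) | (t << 16) | (dur & 0xFFFF)
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n_bytes)).hex()


def secure_token(n_bytes: int = 16) -> str:
    """The alternative suggested in the thread: take the bytes straight from
    the OS CSPRNG (secrets uses os.urandom). There is no seed to recover,
    so all 128 bits of a 16-byte token are unpredictable."""
    return secrets.token_hex(n_bytes)


if __name__ == "__main__":
    # Constructed ranges: 15-bit pid space, a one-hour window of whole
    # seconds, and ~1000 plausible values of dur.
    bound = seed_entropy_bits(pid_values=32768, time_values=3600, dur_values=1000)
    print(f"seed-space upper bound: {bound:.1f} bits (token exposes 128)")
    a = weak_token(pid=1234, t=1307449679, dur=512)
    b = weak_token(pid=1234, t=1307449679, dur=512)
    print("same seed, same filename:", a == b)
    print("os-backed token:", secure_token())
```

The seed-space figure is what matters for the filename scheme: however many bytes the hex string shows, an attacker who learns the seed learns the whole sequence, so the token carries at most as many bits as the seed does. `secrets.token_hex` sidesteps the "entropy running out" worry mentioned in the reply; /dev/urandom is designed to be read freely.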