Bugtraq mailing list archives

Random seed (fwd)


From: darrell () TELEPORT COM (Darrell Fuhriman)
Date: Mon, 25 Sep 1995 14:25:49 -0700


---------- Forwarded message ----------
Date: Mon, 25 Sep 1995 09:32:20 -0700
From: Taher ElGamal <elgamal () netscape com>
To: www-security () ns2 rutgers edu
Subject: Random seed



We are in the process of implementing the fix to our recently discovered
security vulnerability. The fix is largely system dependent and we want to
enlist the help of your best technical people to ensure that we're doing
everything we can to fix the problem. Please forward the enclosed proposal
to the appropriate technical people inside your company as soon as possible
and urge them to respond as quickly as possible. We are moving to fix this
very quickly in our software; the next 24 hours are critical and your
feedback in that timeframe would be most appreciated. Please send all
feedback to elgamal () netscape com.

Thanks,

Please see ftp://ftp1.netscape.com/pub/review/RNGsrc.tar.Z for the source.

Any feedback is welcome. Feel free to redistribute this message to anyone.

Enclosed is our proposal for addressing the need of finding more sources of
random information in your system's environment.

Netscape is available on Macs, Win-16 and Win-32 versions and 8 different
UNIX platforms. The exact details for each platform are quite system
specific. The basic idea is to feed a sequence of information into the MD5
hash, expecting that some of the bits for each sub-sequence would be
unguessable.

  At program start

    On all platforms:

Start with the contents of the highest resolution clock we can find on the
system. [For instance, an R4000 MIPS processor has a free-running
instruction counter. At 100 Mhz this gets incremented every 10 nano-seconds.
There are probably a good 20 bits of unguessable value there.] On Macs there
are "tick" counters that update 60 (or maybe only 16) times a second. We
then push through the time of day, because on some systems, the microsecond
part of a time_val has some bits that are only guessable. On Windows
systems, there is a 1.28MHz clock that is updated every 0.8 microsec.

For the first 100 to 500 system events, the high frequency clock is recorded
and fed into the hash function. This is done to generate enough
unpredictable bits for an out-of-the-box experience, where the customer does
not have enough unpredictability in the system info.

    For UNIX we feed the following into the MD5 hash:

        ps (-el or aux depending upon system)
        netstat -ni & netstat -na
        the user's environment. (We will certainly use this as well in the 2.0
release. The truly paranoid will be able to run whatever seed generator they
want and stick the result into their environment. How you protect your
environment from attack is up to you. ;-)

        System specific info such as hardware serial number or system id. If you
have specific suggestions for any particular OS/hardware pair, please let me
know.

    For PCs

        Cursor position
        Global memory status
        FreeSpace
        Drive configuration
        Number of running tasks
        Environment strings
        UUIDCreate if there is an ethernet card
        Clipboard owner and contents
        Current process, processID and window
        Free clusters on the disk

    For MACs:

        Machine location (longitude and latitude)
        User name
        Mouse location
        keyboard time threshold
        last key pressed
        audio volume
        current directory
        current process
        process information for every task on the system
        stack limits
        zones
        scrap sizes and counts
        event queue

    And then on all platforms

        The stat (file access, creation, modify times, size, inode equivalent) and
contents of a number of "interesting" files. [Where is the PGP random number
state file stored?]
        A portion of the contents of the screen.
        And finally, the contents of the highest resolution clock we can find.

  Each time the client goes idle

    Reinitialize the seed with the most recent user event (probably a button
or key down) along with the mouse position, and relatively high
resolution clocks.


Taher Elgamal                   elgamal () netscape com
Chief Scientist
Netscape Comm Corp., 501 E Middlefield Road, Mountain View Ca 94043.
(415) 528 2898 (Tel),          (415) 528 4122 (Fax)
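The seeding scheme the message describes, sketched as an added example that is not part of the original post and not Netscape's RNGsrc.tar.Z code: a pool that feeds observations through MD5, the UNIX source order from the message, one high-resolution clock reading per early system event, and the idle-time reseed. Every input is constructed (the ps and netstat text, the file stat tuple, the clock values and the environment are made up), and chaining the previous seed into the idle reseed is this example's own choice, not something the message specifies. The block also shows what the extra sources guard against: a pool fed only values an attacker can bound to a small range is recovered by enumerating that range, because the hash concentrates whatever unpredictability its inputs have and cannot add any. That weak pool is a constructed illustration of the failure mode, not a description of the flawed seed.

```python
import hashlib


class SeedPool:
    """Accumulates observations into an MD5 digest, as the message proposes.
    The hash only concentrates unpredictability; the result is at most 128 bits."""

    def __init__(self):
        self._h = hashlib.md5()
        self.labels = []

    def feed(self, label, data):
        """Add one observation. Fields are length-prefixed so that two adjacent
        fields can never be re-split into a different pair of values."""
        if isinstance(data, str):
            data = data.encode("utf-8", "replace")
        elif isinstance(data, int):
            data = data.to_bytes(8, "big", signed=True)
        self._h.update(len(data).to_bytes(4, "big"))
        self._h.update(data)
        self.labels.append(label)
        return self

    def seed(self):
        return self._h.digest()


def proposal_seed(hires_clock, time_of_day_us, event_clocks, ps_out, netstat_out,
                  environ, file_stats, screen_bytes, final_clock):
    """Feed the UNIX sources in the order the message lists them."""
    pool = SeedPool()
    pool.feed("hires-clock", hires_clock)
    pool.feed("time-of-day-us", time_of_day_us)
    for t in event_clocks:              # one clock reading per early system event
        pool.feed("event-clock", t)
    pool.feed("ps", ps_out)
    pool.feed("netstat", netstat_out)
    for key in sorted(environ):         # sorted so dict order cannot change the seed
        pool.feed("env", f"{key}={environ[key]}")
    for path, st in file_stats:         # (path, tuple of stat fields)
        pool.feed("stat", f"{path} {tuple(st)}")
    pool.feed("screen", screen_bytes)
    pool.feed("hires-clock-final", final_clock)
    return pool.seed()


def reseed_on_idle(previous_seed, last_event, mouse_xy, clock_ticks):
    """Idle-time reseed from the latest user event, mouse position and clock.
    Chaining in the previous seed is this example's choice (not in the message)
    so that earlier observations are not thrown away."""
    pool = SeedPool().feed("previous", previous_seed)
    pool.feed("event", last_event)
    pool.feed("mouse", f"{mouse_xy[0]},{mouse_xy[1]}")
    pool.feed("clock", clock_ticks)
    return pool.seed()


def weak_seed(seconds, counter):
    """Constructed failure mode: a pool fed only values an attacker can bound,
    whole seconds and a 16-bit counter. Not a description of any real seed."""
    return SeedPool().feed("seconds", seconds).feed("counter", counter).seed()


def recover_weak_seed(target, sec_lo, sec_hi, counter_bits=16):
    """Enumerate the bounded input space; the hash gives no protection once
    the inputs are enumerable. Returns (seconds, counter) or None."""
    for s in range(sec_lo, sec_hi + 1):
        for c in range(1 << counter_bits):
            if weak_seed(s, c) == target:
                return s, c
    return None


# Constructed snapshot standing in for a real system capture.
CONSTRUCTED = dict(
    hires_clock=0x1234_5678_9ABC,
    time_of_day_us=812_345_678_123_456,
    event_clocks=[0x1234_5678_9ABC + 10 * i + (i * 7919) % 13 for i in range(100)],
    ps_out="  PID TTY      TIME CMD\n  101 pts/0    0:00 sh\n  222 pts/0    0:03 netscape\n",
    netstat_out="tcp 0 0 192.0.2.10.1023 198.51.100.7.80 ESTABLISHED\n",
    environ={"HOME": "/home/darrell", "SEED": "a3f9c1d207e4b85f"},
    file_stats=[("/etc/passwd", (33188, 4711, 1200, 800000000, 800000100, 800000100))],
    screen_bytes=bytes((x * 31 + 7) % 256 for x in range(256)),
    final_clock=0x1234_5678_9ABC + 2_000_000,
)


def demo():
    """Seed from the constructed snapshot, reseed once, then break a weak pool."""
    s1 = proposal_seed(**CONSTRUCTED)
    s2 = reseed_on_idle(s1, "keydown:0x41", (412, 300), CONSTRUCTED["final_clock"] + 500)
    weak = weak_seed(809_000_000, 4242)
    return s1, s2, recover_weak_seed(weak, 808_999_999, 809_000_001)


if __name__ == "__main__":
    seed, reseed, recovered = demo()
    print("proposal seed:", seed.hex(), "idle reseed:", reseed.hex())
    print("weak seed recovered as (seconds, counter) =", recovered)
```

The enumeration in `recover_weak_seed` is the point of the exercise: three seconds of clock times a 16-bit counter is fewer than 200,000 MD5 evaluations, so whatever the pool's inputs, the seed is only as strong as the hardest-to-guess one among them. The sources the message adds (per-event clock reads, ps and netstat output, file contents, screen pixels) matter only to the extent an attacker cannot reproduce them; the output is in any case capped at MD5's 128 bits.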


