Bugtraq mailing list archives

Re: SNI-12: BIND Vulnerabilities and Solutions


From: daw () CS BERKELEY EDU (David Wagner)
Date: Wed, 23 Apr 1997 00:52:49 -0700


In article <199704230609.AAA19514 () cvs openbsd org>,
Theo de Raadt  <deraadt () CVS OPENBSD ORG> wrote:
>> It attempts to make the query ID unpredictable, but fails -- the "random"
>> numbers it generates are still predictable (after a trivial 2^16 offline
>> trials).
>
> Did you include all the details included in res_random.c such as the
> code which causes the entire system to be reset with whole new seeds
> after a fixed period of time (300 seconds is it)?  You can predict a
> sequence and feed it the next few numbers before the generator reseeds
> itself?

Sure.  Any real attack would be automated.  300 seconds is an eternity,
in computer time.  The 2^16 trials for prediction is easily doable in a
fraction of a second.

>> And the seeding is terrible -- two years ago Netscape used
>> timeofday and pid to seed their PRNG, too, and look what happened to them.
>
> Hey, I make no apologies for operating systems that ship without a
> source of strong(ish) random numbers in their libc!

If Netscape had used that excuse, they'd have been crucified.

Let's not get into the blame game.  My concern is that the patch, as
provided, won't fix the predictable-query-ID hole on most systems, and
folks need to know this.
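
[Added example, not part of the original message and not code from res_random.c or BIND.] The sketch below shows why a query-ID generator with only 16 bits of internal state is fully determined by the IDs it emits, however often it reseeds. The generator, its constants, the names and the seed 0xBEEF are all constructed for illustration; the last function draws each ID from the OS CSPRNG, the kind of strong random source the thread refers to.

```python
import secrets

MASK = 0xFFFF  # 16-bit state and 16-bit query IDs


def step(state):
    # Toy 16-bit LCG, constructed for this example (NOT the res_random.c algorithm).
    return (state * 25173 + 13849) & MASK


def output(state):
    # Scramble the state so that an emitted ID is not simply the raw state.
    return ((state ^ (state >> 7)) * 0x9E37) & MASK


def toy_ids(seed, n):
    # The n IDs the toy generator emits after being seeded with `seed`.
    ids, state = [], seed & MASK
    for _ in range(n):
        state = step(state)
        ids.append(output(state))
    return ids


def consistent_seeds(observed):
    # Offline audit: enumerate all 2^16 seeds and keep those that reproduce
    # the observed IDs. The size of this list is the uncertainty that remains.
    n = len(observed)
    return [s for s in range(1 << 16) if toy_ids(s, n) == observed]


def predict_next(observed, count):
    # If exactly one seed fits, every later ID is determined until the next reseed.
    seeds = consistent_seeds(observed)
    if len(seeds) != 1:
        return None
    return toy_ids(seeds[0], len(observed) + count)[len(observed):]


def strong_id():
    # Hardened form: each ID comes from the OS CSPRNG, so past IDs say
    # nothing about future ones and there is no small state to enumerate.
    return secrets.randbelow(1 << 16)


if __name__ == "__main__":
    ids = toy_ids(0xBEEF, 8)              # constructed sample run
    print(consistent_seeds(ids[:2]))      # candidates left after seeing two IDs
    print(predict_next(ids[:2], 6) == ids[2:])
```

The full search is 65,536 short trials, which is small next to a 300-second reseed interval; reseeding restarts the search but does not enlarge it.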
