Penetration Testing mailing list archives
Ruining Security with java.util.Random
From: "Jan P. Monsch" <jan.monsch () iplosion com>
Date: Sun, 17 Dec 2006 01:19:27 +0100
Hi In my review practice I often have to look at Java source code which is used to generate passwords, authentication tokens or session ids. Ever so often this code uses the Java API class java.util.Random to generate random numbers. It is well-established in security industry that this particular random generator is not secure. Since I did not know what the reason is for this perception I started to have a closer look. During the review of the Java API source code I discovered two vulnerabilities which cause the internal state of java.util.Random to be partially exposed or easy guessable. Following paper "Ruining Security with java.util.Random" demonstrates two techniques how security mechanisms based on java.util.Random can be attacked and under certain conditions can be broken within seconds: http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p df Using these weaknesses an attacker can synchronize into the stream of random numbers and therefore calculate all future random numbers. For security relevant code java.util.Random should never be used. At least the Java class java.security.SecureRandom with the default constructor should be utilized. This provides much better security. If you know about other vulnerabilities in the design of java.util.Random or you know about vulnerabilities in java.security.SecureRandom I would be happy to hear about it. Kind regards Jan P. Monsch ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Ruining Security with java.util.Random Jan P. Monsch (Dec 16)