Showing posts with label two. Show all posts
Showing posts with label two. Show all posts
Saturday, April 15, 2017
New UK Guardian interview with Albert Woodfox two months after his release
New UK Guardian interview with Albert Woodfox two months after his release
In a UK Guardian article published today, Albert Woodfox reflects upon two months of life outside of prison walls and solitary confinement. The article concludes with the following excerpt:
The most disturbing part of freedom, Woodfox says, has been the dawning realisation since his release that in America in 2016 there is very little sense of political or social struggle. When he entered prison in the 1970s the country was on fire with political debate; now, as he puts it, “everybody seems to be ‘Me, me, me, me, me.’ It’s all about me, what I need and how I’m going to get it.”
That public indifference has in turn, he believes, allowed solitary confinement to flourish, to the extent that 100,000 Americans are subjected to it each year.
“The people and the government and the courts have turned their back on prisons, and that lets the wardens and officers act as judge, jury and executioner,” he says. “People don’t seem to be socially aware, that’s why solitary confinement exists and why it’s so brutal. Because nobody cares.”
The most disturbing part of freedom, Woodfox says, has been the dawning realisation since his release that in America in 2016 there is very little sense of political or social struggle. When he entered prison in the 1970s the country was on fire with political debate; now, as he puts it, “everybody seems to be ‘Me, me, me, me, me.’ It’s all about me, what I need and how I’m going to get it.”
That public indifference has in turn, he believes, allowed solitary confinement to flourish, to the extent that 100,000 Americans are subjected to it each year.
“The people and the government and the courts have turned their back on prisons, and that lets the wardens and officers act as judge, jury and executioner,” he says. “People don’t seem to be socially aware, that’s why solitary confinement exists and why it’s so brutal. Because nobody cares.”
Available link for download
Saturday, March 4, 2017
Not So Random Numbers Take Two
Not So Random Numbers Take Two
How can we get mt_rand seed via PHPSESSID?
PHPSESSID is generated this way:
md5( client IP . timestamp . microseconds1 . php_combined_lcg() )
- client IP is known to the attacker;
- timestamp is known through Date HTTP-header;
- microseconds1 – a value from 0 to 1000000;
- php_combined_lcg() – an example value is 0.12345678.
To generate php_combined_lcg(), two seeds are used:
S1 = timestamp XOR (microseconds2 << 11)
S2 = pid XOR (microseconds3 << 11)
- timestamp is the same;
- microseconds2 is greater than microseconds1 (when the first time measurement was made) by 0–3;
- pid is the id of the current process (0–32768, 1024–32768 on Unix);
- microseconds3 is greater than microseconds2 by 1–4.
The greatest entropy is contained in microseconds1, however with the use of two techniques it can be substantially reduced.
Adversarial Time Synchronization
The technique is aimed at sending pairs of requests so that to determine the moment when the second in the Date HTTP header changes.
HTTP/1.1 200 OK
Date: Wed, 08 Aug 2012 06:05:14 GMT
…
HTTP/1.1 200 OK
Date: Wed, 08 Aug 2012 06:05:15 GMT
If it happened, the microseconds between our requests zeroed. By sending requests with dynamic delays it is possible to synchronize local value of microseconds with the server one.
Request Twins
The principle of this technique is simple. The attacker needs to send two requests: the first one — to reset their own password and the second one — to reset that of an administrator. The gap between microseconds will be minimal.
To sum up, an MD5 PHPSESSID hash is bruteforced for microseconds, the deltas of subsequent time measurements, and pid. As for pid, the authors have not mentioned such a great helper as Apache server-status which reveals among other information the pids of the processes which serve the requests.
To realize the bruteforce, a module for the popular program PasswordsPro has been initially created. However, this solution made it impossible to take into account the positive linear correlation between deltas of microseconds, so it bruteforced the full range of values. The speed was about 12 million hashes per second.
That is why we created our own GUI application for this task.
The speed is about 16 million hashes per second, seed calculation takes less than an hour on 3.2 GHz Quad Core i5.
Having pid and php_combined_lcg one can compute the seed used in mt_rand. It is generated this way:
(timestamp x pid) XOR (106 x php_combined_lcg())
Besides, php_combined_lcg is used as additional entropy for the uniqid function (if it is called with the second argument being true).
So, if a web application uses standard PHP sessions, it is possible to obtain the random numbers generated via mt_rand(), rand(), and uniqid().
How can we get mt_rand seed through one of the random numbers leakage?
The seed used for mt_rand is an unsigned integer 2^32. If a random number leaked, it is possible to get the seed using PHP itself and rainbow tables. It takes less than 10 minutes.
The scripts to generate rainbow tables, search the seed, and ready-made tables are available here: http://www.gat3way.eu/poc/mtrt/
What to look for in the code?
All the mt_rand(), rand(), uniqid(), shuffle(), lcg_value(), etc. The only secure function is openssl_random_pseudo_bytes(), but it is rarely used in web applications. The main ways of defense against such attacks are the following:
- MySQL function RAND() — it can be also predicted though.
- Suhosin patch — does not patch mt_srand, srand. The Suhosin extension should also be installed.
- /dev/urandom — the securest way.
Arseny Reutov
Timur Yunusov
Dmitry Nagibin
Available link for download
Subscribe to:
Posts (Atom)