Randomness Attacks




A proof of concept for the attacks affecting PHP applications, together with a description of the mathematics behind them, will be presented in:


George Argyros and Aggelos Kiayias, I Forgot Your Password: Randomness Attacks Against PHP Applications, USENIX Security, Bellevue, WA, August 8–10, 2012.

A full version of the paper [pdf]


Software:


1. Our Mersenne Twister “derandomizer”: https://github.com/GeorgeArgyros/mt_derand [May 2014]


2. A function for producing better random bytes in PHP is published on GitHub.


3. Snowflake is available on GitHub. This tool assists in the creation of seed recovery attacks; all necessary documentation is available in the README file.

Software that will follow in the coming days:

(*) The online Gaussian solver, along with a Python interface, for mounting state recovery attacks against Mersenne Twister generators.

(*) A Python-based library for building brute-forcing exploits against vulnerabilities that involve time entropy, where several thousand requests may be needed.


Impact:

A number of popular web applications are affected. See the following advisories:


http://developer.joomla.org/security/news/396-20120305-core-password-change.html

http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-March/000110.html

http://gallery.menalto.com/gallery_3_0_3_and_gallery_2_3_2