Randomness Attacks


A proof of concept for the attacks affecting PHP applications, together with a description of the mathematics behind them, is presented in:

George Argyros and Aggelos Kiayias, I Forgot Your Password: Randomness Attacks Against PHP Applications, USENIX Security, Bellevue, WA, August 8–10, 2012.

A full version of the paper [pdf]


1. Our Mersenne Twister “derandomizer”: https://github.com/GeorgeArgyros/mt_derand [May 2014]

2. A function for producing better random bytes in PHP is published on GitHub.

3. Snowflake is available on GitHub. This tool assists in the creation of seed recovery attacks; all necessary documentation is available in the README file. Software that will follow in the coming days: (*) the online Gaussian solver, along with a Python interface, for mounting state recovery attacks against Mersenne Twister generators; (*) a Python-based library for creating brute-forcing exploits for vulnerabilities that involve time entropy, where several thousand requests may be needed.


A number of popular web-applications are affected. See the following: