Attacking PHP weak PRNGs: mt_srand and not so random numbers

Stefan Esser has written a great article on attacking PHP's pseudo-random number generators (PRNGs).

"PHP comes with two random number generators named rand() and mt_rand(). The first is just a wrapper around the libc rand() function and the second one is an implementation of the Mersenne Twister pseudo random number generator. Both of these algorithms are seeded by a single 32 bit dword when they are first used in a process or one of the seeding functions srand() or mt_srand() is called.

Because of such a short seed it should be obvious to everyone that neither rand() nor mt_rand() are random enough for cryptographic usages. However web application programmers tend to use rand() or mt_rand() to create cryptographic secrets like passwords, activation keys, autologin cookies or session identifiers. In many situations this seems secure enough, because not only a 32 bit seed needs to be guessed but also the amount of previously generated random numbers. Therefore bruteforcing seems impractical.

There are however several situations and conditions that make bruteforcing feasible or not required at all."

Article: http://www.suspekt.org/2008/08/17/mt_srand-and-not-so-random-numbers/
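The quoted passage's core point, that anything derived from a 32-bit-seeded mt_rand() stream carries at most 32 bits of entropy however long the output is, as an added Python example that is not part of this post or of Esser's article: a textbook MT19937 (the algorithm mt_rand() implements; this is the reference generator, not PHP's exact output stream, and PHP's range reduction differs) driving a hypothetical activation-key generator, beside the CSPRNG-backed replacement.

```python
import secrets

class MT19937:
    """Textbook Mersenne Twister, the algorithm behind PHP's mt_rand().
    Added example: reproduces the reference generator, not PHP's exact output stream."""

    def __init__(self, seed: int) -> None:
        # The whole 624-word state is derived from one 32-bit seed: at most 2**32 streams exist.
        self.mt = [0] * 624
        self.index = 624
        self.mt[0] = seed & 0xFFFFFFFF
        for i in range(1, 624):
            prev = self.mt[i - 1]
            self.mt[i] = (1812433253 * (prev ^ (prev >> 30)) + i) & 0xFFFFFFFF

    def _twist(self) -> None:
        # Regenerate all 624 state words once they have been consumed.
        for i in range(624):
            y = (self.mt[i] & 0x80000000) | (self.mt[(i + 1) % 624] & 0x7FFFFFFF)
            self.mt[i] = self.mt[(i + 397) % 624] ^ (y >> 1)
            if y & 1:
                self.mt[i] ^= 0x9908B0DF
        self.index = 0

    def next_u32(self) -> int:
        if self.index >= 624:
            self._twist()
        y = self.mt[self.index]
        self.index += 1
        # Tempering: an invertible bit-mix applied to each state word.
        y ^= y >> 11
        y ^= (y << 7) & 0x9D2C5680
        y ^= (y << 15) & 0xEFC60000
        y ^= y >> 18
        return y & 0xFFFFFFFF

ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"

def weak_activation_key(seed: int, length: int = 16) -> str:
    """Hypothetical key generator built the way the article warns against: every character
    comes from one 32-bit-seeded MT stream, so the key has at most 32 bits of entropy."""
    rng = MT19937(seed)
    return "".join(ALPHABET[rng.next_u32() % len(ALPHABET)] for _ in range(length))

def strong_activation_key(length: int = 16) -> str:
    """Replacement: draw every character from the OS CSPRNG (PHP 7+: random_int/random_bytes)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))
```

Two callers seeding with the same value get byte-identical "secrets" from weak_activation_key(), whereas strong_activation_key() has no seed to recover at all.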
