Information Assurance: Bugtraq Analysis
Problems with Randomness
Matthew Steckman
April 5, 2006

What the problem is

A problem with a common random number generator, bash's $RANDOM, was found. The flaw was not in the algorithm itself but in careless use by the people seeding it. Multiple online sources suggest this line to seed the generator with a random number:

SEED=$(head -1 /dev/urandom | od -N 1 | awk '{ print $2 }')

When you work out what the line actually does, od -N 1 reads only a single byte, so it yields a number from 0-255, which was obviously not the intention of those suggesting it. Because the line looks complicated, we assume it picks a seed from a much larger pool of numbers. Because the suggestion is so widespread on the internet, this flaw has caused seeding problems that could easily be shown vulnerable by seeding a generator with each of the 256 possible seeds and then analyzing the resulting sequences (a race scenario?).

What could have prevented it

The author suggests this line to seed the generator instead:

SEED=$(head -c4 /dev/urandom | od -t u4 | awk '{ print $2 }')

It reads four bytes and gives a random number from 0 to 2^32, which is far more secure than a choice among 256 numbers.

What can be done to work around it

We can work around this by testing our seed source for randomness. We can also combine several seed sources to increase the randomness. Relying on hardware state has also proven reliable when looking for random seeds.

What can be done to prevent it from occurring in the future

Generating random numbers is proving essential to many security processes, and developing truly random seeds and generators will remain a challenge for developers. Seeds from hardware-oriented sources appear to provide more randomness, but we can never be sure. Research in randomness begs the question: how much randomness is enough for security? That balance must be struck case by case, based on the sensitivity of each entity's data.
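As an added example, not code from the original post, the following POSIX shell script wraps the two seed lines quoted above in functions and measures how many distinct seeds each produces over a few hundred draws, which makes the 256-value ceiling of the first line visible. It then shows why the size of the seed space matters at all: once $RANDOM is assigned a seed, bash replays the same sequence from it. The draw count of 300 and the seeds 42 and 43 are arbitrary choices for the demonstration. One caveat the post does not spell out: even with a 32-bit seed, bash's $RANDOM is a 15-bit generator (0-32767) that is not designed for cryptographic use, so the corrected line widens the seed space but does not make $RANDOM suitable for keys or tokens.

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces the two seed
# lines the post quotes and measures the size of the seed space each
# one actually offers. Needs /dev/urandom, od, awk, sort, wc and tr.

# The widely copied line: od -N 1 reads a single byte, so awk's second
# field is that one byte printed in od's default octal word format.
# However the output looks, only 256 distinct values are possible.
weak_seed() {
    head -1 /dev/urandom | od -N 1 | awk '{ print $2 }'
}

# The corrected line from the post: four bytes decoded as an unsigned
# 32-bit integer, so the seed space is 2^32.
strong_seed() {
    head -c4 /dev/urandom | od -t u4 | awk '{ print $2 }'
}

# Draw $2 seeds from the function named in $1 and count distinct values.
# Each draw goes through command substitution, exactly as SEED=$(...)
# does, which also strips the blank line awk emits for od's offset line.
# The weak line can never exceed 256 distinct values; the strong line
# yields almost all distinct values for a few hundred draws.
distinct_seeds() {
    i=0
    while [ "$i" -lt "$2" ]; do
        printf '%s\n' "$("$1")"
        i=$((i + 1))
    done | sort -u | wc -l | tr -d ' '
}

# Seed bash's $RANDOM with $1 and emit its first three values. Equal
# seeds replay the same sequence, which is why a 256-value seed space
# can be enumerated. (Under a non-bash sh, RANDOM is an ordinary
# variable and the function simply echoes the seed three times.)
random_sequence() {
    RANDOM=$1
    echo "$RANDOM $RANDOM $RANDOM"
}

# Usage when run directly.
echo "weak seed:   $(weak_seed)"
echo "strong seed: $(strong_seed)"
echo "distinct weak seeds in 300 draws:   $(distinct_seeds weak_seed 300)"
echo "distinct strong seeds in 300 draws: $(distinct_seeds strong_seed 300)"
echo "sequence for seed 42: $(random_sequence 42)"
echo "sequence for seed 42: $(random_sequence 42)"
echo "sequence for seed 43: $(random_sequence 43)"
```

Run under bash to see the $RANDOM replay; the seed-space measurement works under any POSIX sh. Expect the weak count to sit well below 256 (collisions start early in a 256-value space) and the strong count to equal or nearly equal the number of draws.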