How does rand(timestamp) work if running on a webserver?
While studying some security topics, there was a question that one can guess the generation of some sequence for rand(timestamp) running on a webserver. He said that our first goal should be to crash the server (assuming that the server will come back up in 1 min); we can sync our generator with the server, and then the rand(timestamp) generated by the webserver could be the same as our generator's.
I am confused: if we have a function rand(timestamp), would it not depend on the system timestamp or on the server "up time" stamp?
P.S.: Asking a general question; it does not depend on whether it is in Java/PHP/ASP. Just asking how the webserver/compiler works for such code?
Maybe it's a vague question, but I would like some clarification.
The default behaviour of many implementations of rand() is to use the system time as a seed if a seed value is not supplied. Even if that is not the default behaviour, it is almost guaranteed that an application will pass the system time to srand() as a seed to randomise the sequence.
So, if you know the precise system time, you can generate the same sequence that would be produced by the remote system calling rand(). Several years ago, an online casino was attacked using this random sequence prediction technique.
The solution is two-fold: derive the seed from a non-predictable hardware source (there are commercial units for this) AND use the longest pseudo-random number generator available.
There have been many questions on SO on the topic of hardware generators, for instance:
What Type of Random Number Generator is Used in the Gaming Industry?
Alternative Entropy Sources
rand() returns a pseudo random number. The pseudo random number generator is typically initialized with a seed. If two instances of the pseudo random generator are initialized with the same seed, then they will produce the same sequence on successive calls to rand.
By crashing the server, you are forcing the application to initialize the pseudo random generator with the current Unix timestamp, since that is what it uses as a seed. An attacker can easily guess the seed/timestamp in a few attempts (the server may use NTP, which makes it even easier).
That is why it is not a good idea to use the Unix timestamp as the seed. In any case, for cryptographic uses the random number generator that comes with a crypto library is typically used. For example, OpenSSL has RAND_bytes, which makes cryptographically strong pseudo random bytes available. On many Unix systems this pseudo random number generator is automatically seeded with bytes from /dev/urandom. See http://www.openssl.org/docs/crypto/RAND_add.html for more details.
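As an added illustration (written for this page in C, not taken from either answer), the code below seeds the C library rand() from the clock the way the answers describe, measures how few clock values need checking before the sequence is reproduced, and then reads seed bytes from /dev/urandom as the second answer recommends. The 60-second window and the four observed outputs are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

/* Seed the C library PRNG and record its first n outputs, as an application
 * that calls srand(time(NULL)) at start-up effectively does. */
static void sequence_from_seed(unsigned seed, int *out, size_t n)
{
    srand(seed);
    for (size_t i = 0; i < n; i++)
        out[i] = rand();
}

/* 1 if seeding with `guess` reproduces the first n observed values (n <= 8). */
static int seed_reproduces(unsigned guess, const int *observed, size_t n)
{
    int candidate[8];
    if (n > 8) return 0;
    sequence_from_seed(guess, candidate, n);
    return memcmp(candidate, observed, n * sizeof *candidate) == 0;
}

/* The seed source the answer recommends instead of the clock: the kernel
 * CSPRNG. Returns 0 on success, -1 if /dev/urandom cannot be read. */
static int read_urandom(unsigned char *buf, size_t len)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
}
int main(void)
{
    /* Constructed scenario: the server restarted and seeded from the clock. */
    unsigned server_seed = (unsigned)time(NULL), tries = 0;
    int observed[4];
    sequence_from_seed(server_seed, observed, 4);
    /* Defender's estimate of seed entropy: guesses needed in a +/- 60 s window. */
    for (unsigned s = server_seed - 60; s <= server_seed + 60; s++) {
        tries++;
        if (seed_reproduces(s, observed, 4)) break;
    }
    printf("clock seed matched after %u of 121 guesses\n", tries);
    unsigned char strong[4];
    printf("/dev/urandom seed: %s\n", read_urandom(strong, 4) == 0 ? "ok" : "unavailable");
    return 0;
}
```

The number printed is at most 121, which is the whole uncertainty a clock seed leaves when the restart time is known to the minute.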