[Mailman-Developers] Possible yahoogroups problem.
Paul Hoffman / IMC
phoffman at imc.org
Fri Jul 11 11:27:01 EDT 2003
At 4:39 PM -0400 7/10/03, Barry Warsaw wrote:
>On Thu, 2003-07-10 at 15:35, Paul Hoffman / IMC wrote:
>
>> - Can random.random() run out of randomness? That is, if you bombard
>> the machine with requests that call random.random(), will it start
>> sending out predictable responses?
>
>Any pseudo random number generate can, right?
Some PRNGs have failure modes which become easily predictable. These
are almost always triggered when the source of random bits is
exhausted. If you ask for too much randomness too quickly, you can
start getting predictable data. Well-written PRNGs are smarter than
this: they put out not-very-random but very-random-looking values,
usually based on "hash of ( the last random value | current time |
job number )".
> Python 2.2's RNG has 45
>bits of randomness, Python 2.3's 53 bits. The latter uses the Mersenne
>Twister algorithm which I'm told is the state of the art.
Then this is sufficient. And so is 45 bits of randomness.
> > - What is the granularity of the server's current time? If it is
>> "seconds", this is becomes easily predictable to an attacker. Even if
>> it is "hundredths of seconds", that only means that the attacker has
>> to send one or two hundred attempts for each confirmation. Unless
>> Mailman notes "failed attempt to confirm a subscription", this could
>> be lost in the noise.
>
>Depends on the server OS. We probably only care about *nix systems, but
>I'm sure there's variability even within that family. On Linux, I
>believe there is a 1us resolution for time.time() which uses
>gettimeofday().
As long as your random value has 45 bits of randomness (and none of
those bits rely on the time!), then it doesn't matter how predictable
your time value is.
> > - How many bits of the hash are used? I ask because many programs
>> that use hashes will not use the whole hash.
>
>We use all 160 bits of the sha hash.
Good!
In summary, assuming that the first answer above (about the
pseudo-random number generator) is correct and it gives 45 bits of
randomness at each invocation, there is no way that an attacker can
attack the auto-responder without sending about 35 trillion messages.
--Paul Hoffman, Director
--Internet Mail Consortium
More information about the Mailman-Developers
mailing list