[Mailman-Developers] Possible yahoogroups problem.

Paul Hoffman / IMC phoffman at imc.org
Fri Jul 11 11:27:01 EDT 2003


At 4:39 PM -0400 7/10/03, Barry Warsaw wrote:
>On Thu, 2003-07-10 at 15:35, Paul Hoffman / IMC wrote:
>
>>  - Can random.random() run out of randomness? That is, if you bombard
>>  the machine with requests that call random.random(), will it start
>>  sending out predictable responses?
>
>Any pseudo random number generator can, right?

Some PRNGs have failure modes which become easily predictable. These 
are almost always triggered when the source of random bits is 
exhausted. If you ask for too much randomness too quickly, you can 
start getting predictable data. Well-written PRNGs are smarter than 
this: they put out not-very-random but very-random-looking values, 
usually based on "hash of ( the last random value | current time | 
job number )".

>   Python 2.2's RNG has 45
>bits of randomness, Python 2.3's 53 bits.  The latter uses the Mersenne
>Twister algorithm which I'm told is the state of the art.

Then this is sufficient. And so is 45 bits of randomness.

>>  - What is the granularity of the server's current time? If it is
>>  "seconds", this becomes easily predictable to an attacker. Even if
>>  it is "hundredths of seconds", that only means that the attacker has
>>  to send one or two hundred attempts for each confirmation. Unless
>>  Mailman notes "failed attempt to confirm a subscription", this could
>>  be lost in the noise.
>
>Depends on the server OS.  We probably only care about *nix systems, but
>I'm sure there's variability even within that family.  On Linux, I
>believe there is a 1us resolution for time.time() which uses
>gettimeofday().

As long as your random value has 45 bits of randomness (and none of 
those bits rely on the time!), then it doesn't matter how predictable 
your time value is.

>>  - How many bits of the hash are used? I ask because many programs
>>  that use hashes will not use the whole hash.
>
>We use all 160 bits of the sha hash.

Good!

In summary, assuming that the first answer above (about the 
pseudo-random number generator) is correct and it gives 45 bits of 
randomness at each invocation, there is no way that an attacker can 
attack the auto-responder without sending about 35 trillion messages.

--Paul Hoffman, Director
--Internet Mail Consortium
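
Added example (not part of the original message and not Mailman's code): a confirmation cookie built as the thread describes, a 160-bit SHA-1 over secret random bytes, the time and the address, with failed confirmations counted per sender. The names make_cookie, PendingConfirmations and MAX_FAILURES are assumptions, and the random bytes come from Python's secrets module (3.6+, which postdates this thread) rather than random.random().

```python
import hashlib
import secrets
import time

RANDOM_BITS = 45     # figure quoted in the thread for Python 2.2's RNG
MAX_FAILURES = 5     # assumed lockout threshold, not a Mailman setting


def expected_guesses(bits):
    """Size of the space an attacker must search for `bits` secret bits."""
    return 2 ** bits


def make_cookie(address, now=None):
    """160-bit hex cookie: SHA-1 over (secret random | time | address)."""
    now = time.time() if now is None else now
    nonce = secrets.token_bytes(16)   # all unpredictability comes from here
    # The time and address are guessable; they add no secrecy to the hash.
    material = nonce + repr(now).encode() + address.encode()
    return hashlib.sha1(material).hexdigest()   # whole digest, not a prefix


class PendingConfirmations:
    """Hypothetical store that notes failed attempts to confirm."""

    def __init__(self):
        self._pending = {}   # cookie -> address awaiting confirmation
        self.failures = {}   # sender -> number of bad cookies seen

    def request(self, address):
        cookie = make_cookie(address)
        self._pending[cookie] = address
        return cookie

    def confirm(self, sender, cookie):
        """Return the confirmed address, or None if rejected."""
        if self.failures.get(sender, 0) >= MAX_FAILURES:
            return None      # too many bad guesses from this sender
        address = self._pending.pop(cookie, None)   # cookies are single-use
        if address is None:
            self.failures[sender] = self.failures.get(sender, 0) + 1
        return address


if __name__ == "__main__":
    print("guesses for 45 bits:", expected_guesses(RANDOM_BITS))
    print("sample cookie:", make_cookie("user@example.org"))
```

expected_guesses(45) is 2**45, the "about 35 trillion" figure in the summary above.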


