Message 172566 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	ymaryshev
Recipients	ymaryshev
Date	2012-10-10.11:18:47
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1349867928.2.0.793137893285.issue16184@psf.upfronthosting.co.za>
In-reply-to

Content
---[ Vulnerability description] Positive Research experts have detected a vulnerability "Predictable pseudorandom numbers in Python" caused by random.random() output in Python. By default, Mersenne Twister initialization is done during random module import and then after 312 random.random() calls that allows attackers to predict 313 random number with 2^8 accuracy based on 1, 2, 199, 200, 511, 625 random numbers. --[Solution] We recommend you to initialize random.seed() after every 312 calls that guarantees enough entropy of Mersenne Twister element statuses. ---[Credits] Vulnerability was detected by Timur Yunusov, Positive Research Center (Positive Technologies Company) --- 1. In spite of the fact that MT states are initialized correctly, there is a practical method to exploit the vulnerability because of Python web framework peculiarities. 2. The possibility that a random number is among described 256 variants is 12,5% because there are two methods to round off numbers to the certain accuracy. This provides 8 possible variants of existing state_1[2], state_1[397], state_2[397]. You can find the code necessary to demonstrate the vulnerability (vuln.py) and exploit it (brute.py) attached.

---[ Vulnerability description]

Positive Research experts have detected a vulnerability "Predictable pseudorandom numbers in Python" caused by random.random() output in Python.

By default, Mersenne Twister initialization is done during random module import and then after 312 random.random() calls that allows attackers to predict 313 random number with 2^8 accuracy based on 1, 2, 199, 200, 511, 625 random numbers.

--[Solution]
 
We recommend you to initialize random.seed() after every 312 calls that guarantees enough entropy of Mersenne Twister element statuses.

---[Credits]

Vulnerability was detected by Timur Yunusov, Positive Research Center (Positive Technologies Company)

---

1. In spite of the fact that MT states are initialized correctly, there is a practical method to exploit the vulnerability because of Python web framework peculiarities.
2. The possibility that a random number is among described 256 variants is 12,5% because there are two methods to round off numbers to the certain accuracy. This provides 8 possible variants of existing state_1[2], state_1[397], state_2[397].
You can find the code necessary to demonstrate the vulnerability (vuln.py) and exploit it (brute.py) attached.

History
Date	User	Action	Args
2012-10-10 11:18:48	ymaryshev	set	recipients: + ymaryshev
2012-10-10 11:18:48	ymaryshev	set	messageid: <1349867928.2.0.793137893285.issue16184@psf.upfronthosting.co.za>
2012-10-10 11:18:48	ymaryshev	link	issue16184 messages
2012-10-10 11:18:47	ymaryshev	create