How to construct random functions
Journal of the ACM (JACM)
The cryptographic security of truncated linearly related variables
STOC '85 Proceedings of the seventeenth annual ACM symposium on Theory of computing
Mersenne twister: a 623-dimensionally equidistributed uniform pseudo-random number generator
ACM Transactions on Modeling and Computer Simulation (TOMACS) - Special issue on uniform random number generation
Segment LLL-Reduction of Lattice Bases
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Secret linear congruential generators are not cryptographically secure
SFCS '87 Proceedings of the 28th Annual Symposium on Foundations of Computer Science
On stern's attack against secret truncated linear congruential generators
ACISP'05 Proceedings of the 10th Australasian conference on Information Security and Privacy
Randomly failed! the state of randomness in current java implementations
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
We provide a number of practical techniques and algorithms for exploiting randomness vulnerabilities in PHP applications. We focus on the predictability of password reset tokens and demonstrate how an attacker can take over user accounts in a web application via predicting or algorithmically derandomizing the PHP core randomness generators. While our techniques are designed for the PHP language, the principles behind our techniques and our algorithms are independent of PHP and can readily apply to any system that utilizes weak randomness generators or low entropy sources. Our results include: algorithms that reduce the entropy of time variables, identifying and exploiting vulnerabilities of the PHP system that enable the recovery or reconstruction of PRNG seeds, an experimental analysis of the Håstad-Shamir framework for breaking truncated linear variables, an optimized online Gaussian solver for large sparse linear systems, and an algorithm for recovering the state of the Mersenne twister generator from any level of truncation. We demonstrate the gravity of our attacks via a number of case studies. Specifically, we show that a number of current widely used web applications can be broken using our techniques including Mediawiki, Joomla, Gallery, osCommerce and others.