Date: Thu, 10 Jul 2008 17:44:45 +0800
From: Eugene Teo <eteo@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: DNS vulnerability: other relevant software
Eugene Teo wrote:
> Eugene Teo wrote:
>> Florian Weimer wrote:
>>> * Mark J. Cox:
>>>
>>>>> Additionally, Debian has noted (DSA 1605-1) that the GNU libc stub
>>>>> resolver could benefit from random query source ports as well, but
>>>>> no patches are currently available to implement this:
>>>> Note that GNU libc stub resolver when used with a recent kernel
>>>> (2.6.24+) will give you random UDP source ports on each request
>>>> because of this Linux commit:
>>>>
>>>> http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=32c1da70810017a98aa6c431a5494a302b6b9a30
>>> Is net_random() cryptographically secure? The paper referenced in the
>>> source doesn't talk about this.
>> It isn't. It's actually a 32-bit pseudo-random number generator AFAIK.
So I spoke to Dave Miller. He said that it is not "cryptographically
secure" to his knowledge, but in his opinion, it is good enough for port
randomisation.
Thanks, Eugene
--
Eugene Teo / Red Hat Security Response Team
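
Added example, not part of the original message or of any project named in it: a small C check of the behaviour discussed above, opening one new UDP socket per simulated request and summarising the source ports the kernel assigns. The destination 127.0.0.1:53, the sample size of 64 and the function names are assumptions made for the illustration. It shows whether ports vary from request to request and says nothing about whether the generator behind them is cryptographically secure.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Summary of a run of observed UDP source ports. */
struct port_stats { int n, distinct, step_one; unsigned min, max; };

/* One new UDP socket per simulated request; record the kernel-assigned port.
 * connect() on UDP sends no packet. 127.0.0.1:53 is an assumed destination. */
int collect_ports(unsigned short *out, int n) {
    struct sockaddr_in dst, src;
    memset(&dst, 0, sizeof dst);
    dst.sin_family = AF_INET;
    dst.sin_port = htons(53);
    dst.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    for (int i = 0; i < n; i++) {
        socklen_t len = sizeof src;
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0) return -1;
        if (connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0 ||
            getsockname(fd, (struct sockaddr *)&src, &len) < 0) { close(fd); return -1; }
        out[i] = ntohs(src.sin_port);
        close(fd);
    }
    return n;
}

/* Count distinct ports and steps of exactly +1 (sequential allocation). */
struct port_stats analyze_ports(const unsigned short *p, int n) {
    struct port_stats s = { n, 0, 0, 65535, 0 };
    static unsigned char seen[65536];
    memset(seen, 0, sizeof seen);
    for (int i = 0; i < n; i++) {
        if (!seen[p[i]]) { seen[p[i]] = 1; s.distinct++; }
        if (i > 0 && p[i] == (unsigned short)(p[i - 1] + 1)) s.step_one++;
        if (p[i] < s.min) s.min = p[i];
        if (p[i] > s.max) s.max = p[i];
    }
    return s;
}

int main(void) {
    unsigned short ports[64];
    if (collect_ports(ports, 64) < 0) { perror("collect_ports"); return 1; }
    struct port_stats s = analyze_ports(ports, 64);
    printf("n=%d distinct=%d step_one=%d range=%u-%u\n", s.n, s.distinct, s.step_one, s.min, s.max);
    return s.step_one > s.n / 2; /* nonzero exit: ports look sequential */
}
```

A high `step_one` count with a narrow range points to sequential allocation; a wide range with few or no +1 steps is what per-request randomisation looks like.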