User: Password:
|
|
Subscribe / Log in / New account

Secrecy and the DNS flaw

Secrecy and the DNS flaw

Posted Jul 12, 2008 20:56 UTC (Sat) by njs (guest, #40338)
In reply to: Secrecy and the DNS flaw by copsewood
Parent article: Secrecy and the DNS flaw

Indeed, the study of PRNGs splits into two parts: scientific PRNGs, where the emphasis is on
provable uniformity, provably large period, and speed, versus cryptographic PRNGs, where the
emphasis is on resistance to prediction, judicious incorporation of true entropy, and speed.
As you suggest, since DNS port randomization is effectively using the source port as part of a
secret key, it's important that the the source ports be generated by a cryptographic PRNG.

Fortunately, these days we can build very good PRNGs of both types.  For cPRNGs, the
constructions usually involve using some other crypto algorithm as part of the generation
process (e.g., a strong hash or cipher like SHA-256 or AES).  This is exactly what /dev/random
and /dev/urandom do, and it's what good-quality DNS server implementations will do too.  In
practice, attacking such a PRNG is about as easy as inverting SHA or AES -- not gonna happen.
(And yes, I know that SHA-1 has been recently weakened.)

If you want to know more about these issues, then I can recommend Schneier's paper on
yarrow[1] for a great discussion of the issues faced by such a design, and [2] for a fun and
famous discussion of exploiting such flaws in TCP sequence numbers (with pretty pictures!).

[1] http://www.schneier.com/yarrow.html
[2] http://lcamtuf.coredump.cx/oldtcp/tcpseq.html


(Log in to post comments)

Secrecy and the DNS flaw

Posted Jul 17, 2008 10:29 UTC (Thu) by copsewood (subscriber, #199) [Link]

Thanks for these links which are very interesting.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds