Author Topic: blag  (Read 20320 times)

0 Members and 2 Guests are viewing this topic.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
blag
« on: March 04, 2010, 06:23:45 pm »
I liked your passwords blag.  :)

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #1 on: March 04, 2010, 07:03:26 pm »
Thanks! :D

Offline Blaze

  • x86
  • Hero Member
  • *****
  • Posts: 7136
  • Canadian
    • View Profile
    • Maide
Re: blag
« Reply #2 on: March 04, 2010, 07:40:22 pm »
Me too, now that I've read it.  Need a second mirror for the passwords?  :D
And like a fool I believed myself, and thought I was somebody else...

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #3 on: March 04, 2010, 08:37:34 pm »
Haha, I think I'm ok. Feel free to download them all, though, just in case I get asked to remove them at some point.

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: blag
« Reply #4 on: March 04, 2010, 10:07:08 pm »
Er....what?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #5 on: March 05, 2010, 12:05:17 am »

Offline Ender

  • x86
  • Hero Member
  • *****
  • Posts: 2390
    • View Profile
Re: blag
« Reply #6 on: March 05, 2010, 12:11:33 am »
iago, I just wanted to use this opportunity to thank you so much for everything that you've done for me.

Offline rabbit

  • x86
  • Hero Member
  • *****
  • Posts: 8092
  • I speak for the entire clan (except Joe)
    • View Profile
Re: blag
« Reply #7 on: March 05, 2010, 12:39:10 am »

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #8 on: March 05, 2010, 12:48:05 am »
omg... WTF MAN??????  YOU MISSED AN XKCD REFERENCE. I HATE YOU FOREVER


http://xkcd.com/148/

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #9 on: March 05, 2010, 08:28:44 am »
Heh, when I hear 'blag' I think of a show that none of you (except Blaze) have ever heard of, probably: Corner Gas.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #10 on: March 05, 2010, 01:07:40 pm »
Heh, when I hear 'blag' I think of a show that none of you (except Blaze) have ever heard of, probably: Corner Gas.


I think I've even watched an episode, but that's only because you made me. :)

Offline while1

  • x86
  • Hero Member
  • *****
  • Posts: 1013
    • View Profile
Re: blag
« Reply #11 on: March 14, 2010, 11:32:45 pm »
rabbot fails.
I tend to edit my topics and replies frequently.

http://www.operationsmile.org

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #12 on: March 15, 2011, 06:15:51 pm »
I liked the last two posts on your blag.  They were cool.  I especially liked the Taco Bell programming bit.  I've never used xargs in that way, but I definitely will be doing so in the future.

This seems like a solid (ish) way to generate random salts in PHP. Thoughts?

Code: [Select]
$salt = md5(rand() . microtime())

It seems to me that this is about as good as it gets.  Some of the things people come up with are a lot more convoluted than this, which puzzles me.

Offline while1

  • x86
  • Hero Member
  • *****
  • Posts: 1013
    • View Profile
Re: blag
« Reply #13 on: March 15, 2011, 11:10:22 pm »
I liked the last two posts on your blag.  They were cool.  I especially liked the Taco Bell programming bit.  I've never used xargs in that way, but I definitely will be doing so in the future.

This seems like a solid (ish) way to generate random salts in PHP. Thoughts?

Code: [Select]
$salt = md5(rand() . microtime())

It seems to me that this is about as good as it gets.  Some of the things people come up with are a lot more convoluted than this, which puzzles me.

Shit, no wonder my salts always get cracked.

Code: [Select]
$salt = md5(rand() . $penisLen)
I tend to edit my topics and replies frequently.

http://www.operationsmile.org

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #14 on: March 15, 2011, 11:12:49 pm »
That code is equivalent to

Code: [Select]
$salt = md5(rand() . 0);
Better than the nonsense code in iago's blog, but could be better.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #15 on: March 16, 2011, 08:56:15 am »
Heh. Salt doesn't have to be strongly random. In fact, salt can be equal to the username, the date, incremental, etc. The only trick with salt is to make sure it's distinct for every user.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #16 on: March 16, 2011, 04:10:00 pm »
Heh. Salt doesn't have to be strongly random. In fact, salt can be equal to the username, the date, incremental, etc. The only trick with salt is to make sure it's distinct for every user.


Yes, of course, but I was more interested in the answer to the question "is that a good random salt?"

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #17 on: March 16, 2011, 04:23:52 pm »
Yes, that's a decent way of generating a random value, and it's as good a salt as any! :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #18 on: March 16, 2011, 04:38:08 pm »
WWiD?

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #19 on: March 16, 2011, 06:19:56 pm »
WWiD for what? For a salt value, just pick some kinda-random letters or sequential values. Like I said, as long as no two users have the same salt, there's no bad salting.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #20 on: March 16, 2011, 07:11:45 pm »
WWiD for what? For a salt value, just pick some kinda-random letters or sequential values. Like I said, as long as no two users have the same salt, there's no bad salting.

Hehe... yeah.  I probably shouldn't have used the word "salt" anywhere.  It was misleading

Say you want to generate a random password or something.  How would you do it?  I'd probably just use the line I provided above (or something close to it).

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #21 on: March 17, 2011, 12:16:38 am »
Honestly, I don't know what the right answer is. That's why I didn't say in the blog the "right" way.

I think as long as you have a reasonable source of entropy, and a decent RNG, you're okay.

btw, if you're using php, don't use rand(), use mt_rand(). It's better. Also, don't use srand() (I see that you aren't, but you might be using it elsewhere). PHP seeds itself.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #22 on: March 17, 2011, 12:20:57 am »
Btw, here's how smf generates it:

function generateValidationCode()
{
  global $modSettings;

  $request = db_query('
    SELECT RAND()', __FILE__, __LINE__);

  list ($dbRand) = mysql_fetch_row($request);
  mysql_free_result($request);

  return substr(preg_replace('/\W/', '', sha1(microtime() . mt_rand() . $dbRand . $modSettings['rand_seed'])), 0, 10);
}


It uses microtime, mt_rand(), a random value from mysql, and a random seed that's stored in the settings. That'd be extremely difficult to predict.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #23 on: March 17, 2011, 12:27:17 am »
Here's Wordpress:
function wp_rand( $min = 0, $max = 0 ) {
  global $rnd_value;

  // Reset $rnd_value after 14 uses
  // 32(md5) + 40(sha1) + 40(sha1) / 8 = 14 random numbers from $rnd_value
  if ( strlen($rnd_value) < 8 ) {
    if ( defined( 'WP_SETUP_CONFIG' ) )
      static $seed = '';
    else
      $seed = get_transient('random_seed');
    $rnd_value = md5( uniqid(microtime() . mt_rand(), true ) . $seed );
    $rnd_value .= sha1($rnd_value);
    $rnd_value .= sha1($rnd_value . $seed);
    $seed = md5($seed . $rnd_value);
    if ( ! defined( 'WP_SETUP_CONFIG' ) )
      set_transient('random_seed', $seed);
  }

  // Take the first 8 digits for our value
  $value = substr($rnd_value, 0, 8);

  // Strip the first eight, leaving the remainder for the next call to wp_rand().
  $rnd_value = substr($rnd_value, 8);

  $value = abs(hexdec($value));

  // Reduce the value to be within the min - max range
  // 4294967295 = 0xffffffff = max random number
  if ( $max != 0 )
    $value = $min + (($max - $min + 1) * ($value / (4294967295 + 1)));

  return abs(intval($value));
}


I find you can tell when people don't know what they're doing by seeing that they throw a bunch of stuff in there that doesn't add any strength (for example, using both md5 and sha1, calling sha1 multiple times on the same value, etc).

In any case, the key to their security is, in part, that they save $seed across subsequent calls, so every call to the function uses a seed generated by the previous call.
« Last Edit: March 17, 2011, 12:37:06 am by iago »

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #24 on: March 17, 2011, 12:36:01 am »
And finally, here's Mediawiki:
  static function randomPassword() {
    global $wgMinimalPasswordLength;
    $pwchars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz';
    $l = strlen( $pwchars ) - 1;

    $pwlength = max( 7, $wgMinimalPasswordLength );
    $digit = mt_rand( 0, $pwlength - 1 );
    $np = '';
    for ( $i = 0; $i < $pwlength; $i++ ) {
      $np .= $i == $digit ? chr( mt_rand( 48, 57 ) ) : $pwchars{ mt_rand( 0, $l ) };
    }
    return $np;
  }


It's much simpler, but I'm a little concerned about the strength. Unless a min password length is set, it does 7 characters - 6 letters and a number. That's 197,706,096,640 combinations. So yeah, that's pretty damn big, but not nearly as big as it ought to be. Why in the hell did they put a number in the middle and default it to 7 characters?

Losers. :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #25 on: March 17, 2011, 02:27:02 am »
Honestly, I don't know what the right answer is. That's why I didn't say in the blog the "right" way.

I think as long as you have a reasonable source of entropy, and a decent RNG, you're okay.

btw, if you're using php, don't use rand(), use mt_rand(). It's better. Also, don't use srand() (I see that you aren't, but you might be using it elsewhere). PHP seeds itself.


Aha, I recall reading that in the docs for rand().  I guess I forgot. :)

Yep, I know about srand.

Heh, mediawiki's is pretty terrible.  People are weird.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #26 on: March 17, 2011, 08:58:09 am »
I'm actually impressed at the effort they went to to intentionally weaken it. :)

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #27 on: March 17, 2011, 02:03:46 pm »
I'm actually impressed at the effort they went to to intentionally weaken it. :)

Yeah.  Very confusing.

I missed this before:

Unless a min password length is set, it does 7 characters - 6 letters and a number. That's 197,706,096,640 combinations.

Since the position of the digit isn't fixed, it's actually:

52^6 * 10 * 7 = 1,383,942,676,480

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #28 on: March 17, 2011, 02:53:08 pm »
Good call, I forgot the 7.

Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • View Profile
    • SkullSecurity
Re: blag
« Reply #29 on: March 20, 2011, 08:40:08 pm »
I liked the last two posts on your blag.  They were cool.  I especially liked the Taco Bell programming bit.  I've never used xargs in that way, but I definitely will be doing so in the future.

This seems like a solid (ish) way to generate random salts in PHP. Thoughts?

Code: [Select]
$salt = md5(rand() . microtime())

It seems to me that this is about as good as it gets.  Some of the things people come up with are a lot more convoluted than this, which puzzles me.
So, it turns out that rand() and mt_rand() are both seeded by 32-bit values that are somewhat known. And microtime() is actually one of those values. That means that, in reality, due to PHP's crappy random number generator, that may not be especially secure. :)

(I'm going to post a blog on Tuesday (give or take) about this.

Offline Sidoh

  • x86
  • Hero Member
  • *****
  • Posts: 17634
  • MHNATY ~~~~~
    • View Profile
    • sidoh
Re: blag
« Reply #30 on: March 20, 2011, 10:18:33 pm »
Hm, that's pretty bad.

md5(`cat -c 1000 /dev/random`);

ENTROPY NOMNOMNOMNOM