That's exactly what I described on my (now dead) blog PHP Talk.
I've mentioned the problem(s) on
http://improved-security.com/wiki/Rando ... _%28PHP%29
Improved Security wrote: When using mod_php and an HTTP Keep-Alive connection, the same PHP process is used for each HTTP request. PHP automatically seeds the random number generators at each process start. So, since we use HTTP Keep-Alive, the random number generators are not being seeded by PHP. This means that if one can upload a PHP file on a shared server (on his account) similar to the following:
Then he will be able to seed the random function for his process, and predict the next random number in another application on the same server.
And of course you don't need to upload anything if there's an application that seeds based on any user supplied data.
VladSun wrote: Finally, he explains that CAPTCHA images can be bypassed by *predicting* the values they are generated from.
Yeah, CAPTCHAs are just one thing that relies heavily on randomness. After all, randomization is a control that has to be strong for someone to even be able to build a secure system.
Anyway, the video is nicely done. This just shows yet another reason (things are getting more practical and popular) why one can't use built-in random functions in PHP for cryptographic purposes.
I've been writing a library and it can generate good random data with a simple call:
$randomBytes = Security_Randomizer::getRandomBytes(32); // Generate 32 bytes of random data
The library is not vulnerable to the attack demonstrated in the video.
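As an added illustration of the process-reuse problem quoted above and of the kind of call the post recommends instead (example code written for this thread, not the Security_Randomizer library's code and not the file from the video), the snippet below simulates two requests handled by one long-lived PHP worker: a token drawn from mt_rand() after a guessable mt_srand() repeats, while a token drawn from the OS CSPRNG does not. It assumes PHP 7.0 or later for random_bytes(); the function names and the seed value 12345 are made up for the example.

```php
<?php
// Added example, not from the original post or the library it mentions.
// Simulates two "requests" served by the same PHP process. Under mod_php
// with Keep-Alive the Mersenne Twister state survives between requests,
// so any script that calls mt_srand() with a guessable value (here a
// constructed seed, 12345) makes every later mt_rand() output repeatable.
function weakToken(int $seed): string {
    mt_srand($seed);              // seed derived from something predictable
    $token = '';
    for ($i = 0; $i < 16; $i++) {
        $token .= sprintf('%02x', mt_rand(0, 255));
    }
    return $token;
}

// Mitigation: read from the operating system's CSPRNG. Its output is
// independent of mt_srand(), so another script on the same worker cannot
// influence it. random_bytes() throws if no secure source is available.
function secureToken(int $bytes = 16): string {
    return bin2hex(random_bytes($bytes));
}

// Two requests that reuse the same seed produce the same "random" token.
$a = weakToken(12345);
$b = weakToken(12345);
if ($a !== $b) {
    throw new RuntimeException('mt_rand() should be deterministic for a fixed seed');
}
echo "mt_rand token repeated across requests: $a\n";

// CSPRNG-backed tokens differ every call and cannot be re-seeded.
$c = secureToken();
$d = secureToken();
if ($c === $d) {
    throw new RuntimeException('CSPRNG produced a duplicate 16-byte token');
}
echo "CSPRNG tokens: $c $d\n";
```

Run it twice in the same process (or under a Keep-Alive worker) and the weak token is identical each time, which is exactly the property the quoted post warns about.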