[Openstack-security] [Bug 1319643] Re: Using random.random() should not be used to generate randomness used for security reasons

Jeffrey Walton noloader at gmail.com
Fri Jun 6 01:32:47 UTC 2014


Sorry about the late comment here.

I think the real problem is this line:

    random.seed(datetime.datetime.now().microsecond)

I think it's a problem because there's no entropy in datetime. From
Python's source code on seed() (available at
http://svn.python.org/projects/python/branches/py3k/Lib/random.py):

    def seed(self, a=None, version=2):

        if a is None:
            try:
                a = int.from_bytes(_urandom(32), 'big')
            except NotImplementedError:
                import time
                a = int(time.time() * 256) # use fractional seconds

        if version == 2:
            if isinstance(a, (str, bytes, bytearray)):
                if isinstance(a, str):
                    a = a.encode("utf-8")
                a += _sha512(a).digest()
                a = int.from_bytes(a, 'big')

        super().seed(a)
        self.gauss_next = None

As can be seen above, the call to seed() replaces the current seed state
with a hash of date/time. And it's only hashed, and not mixed with bits
from, for example, /dev/urandom. So an attacker can perform an
exhaustive search of the keyspace based on the time he observes the
transfer.

The current construction lacks the PRP notion of security. That is, an
adversary can distinguish output from random. *If* the call to
random.seed was performed using bits from /dev/urandom, then this would
not be a problem. Even keying the hash with bits from /dev/urandom would
suffice.

Wagner and Goldberg had a lot of fun with this sort of entropy
collection in 1996. For completeness, Netscape did a little more than
just date/time - they included the PID also. See "Randomness and the
Netscape Browser", http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html.

-- 
You received this bug notification because you are a member of OpenStack
Security Group, which is subscribed to OpenStack.
https://bugs.launchpad.net/bugs/1319643

Title:
  Using random.random() should not be used to generate randomness used
  for security reasons

Status in Cinder:
  Fix Committed
Status in OpenStack Security Advisories:
  Won't Fix

Bug description:
  In the Cinder code, /cinder/transfer/api.py, the line of code below uses
  random.random() to generate a random number. Standard random number
  generators should not be used to generate randomness used for security
  reasons. Could we use a cryptographic randomness generator to provide
  sufficient entropy instead?

  rndstr = ""
  random.seed(datetime.datetime.now().microsecond)
  while len(rndstr) < length:
   rndstr += hashlib.sha224(str(random.random())).hexdigest()   ---------------> This line has described issues. 

   return rndstr[0:length]
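For comparison, an added example (not Cinder's code and not from anyone in this thread) that re-creates the quoted construction with the microsecond as an explicit parameter, so the 1,000,000-seed ceiling is visible, and places an os.urandom()-based form next to it. The function names are my own; the weak version assumes Python 3 and uses a private Random() instance in place of the module-level random.seed()/random.random().

```python
import datetime
import hashlib
import math
import os
import random

MICROSECONDS_PER_SECOND = 1000000  # size of the seed space in the weak version


def weak_auth_key(length, microsecond=None):
    """Constructed re-creation of the construction quoted in the bug report.

    The seed is datetime.now().microsecond, so only 1,000,000 seeds exist;
    passing the microsecond explicitly just makes the determinism visible.
    """
    if microsecond is None:
        microsecond = datetime.datetime.now().microsecond
    rng = random.Random()          # private instance; the original reseeds the global one
    rng.seed(microsecond)          # integer seed -> state fully determined by the microsecond
    rndstr = ""
    while len(rndstr) < length:
        # The original is Python 2 (str fed to sha224 directly); Python 3 needs encode().
        rndstr += hashlib.sha224(str(rng.random()).encode("ascii")).hexdigest()
    return rndstr[0:length]


def strong_auth_key(length):
    """Hardened form: hex digits taken straight from os.urandom(); there is no seed to guess."""
    nbytes = (length + 1) // 2     # two hex digits per byte, rounded up
    return os.urandom(nbytes).hex()[0:length]


def weak_key_entropy_bits(length):
    """Upper bound on the entropy of a weak key of `length` hex digits:
    the smaller of the nominal 4 bits per digit and log2(number of seeds)."""
    return min(4 * length, math.log2(MICROSECONDS_PER_SECOND))


if __name__ == "__main__":
    k1 = weak_auth_key(32, microsecond=123456)
    k2 = weak_auth_key(32, microsecond=123456)
    print("same microsecond -> same weak key:", k1 == k2)
    print("weak 32-digit key: nominal 128 bits, at most %.1f bits" % weak_key_entropy_bits(32))
    print("strong 32-digit key:", strong_auth_key(32))
```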
