<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; color: rgb(0, 0, 0); font-size: 14px; font-family: Calibri, sans-serif;"><div>I ran this by our team for an opinion on the crypto side of things. Here is their response:</div><div><br></div><div>"uuid4 is fine. All it does is take 16 bytes of randomness from os.urandom (although a 128-bit uuid4 only encodes 122-bits of randomness since the first 6 bits encode the version of the uuid). Using M2Crypto to generate those random bytes is of little to no value as OpenSSL seeds its CSPRNG from /dev/urandom on POSIX systems anyway (crypto/rand/rand_unix.c if you want to look).<div><br></div><div><span style="font-family: Calibri; font-size: medium;">To address the statement in RFC 4122: This statement is true for any version of uuid other than uuid4. Since you have 122-bits of RNG state encoded into a uuid4 string you’d expect an attacker to have 2^(-122) probability of predicting the next token based on the value of the current token received (assuming the underlying RNG is secure, which is a required assumption). 
(If you had 2^61 simultaneously valid sessions you’d have a good probability of uuid4() creating the same token twice, but since storing 2^61 128-bit strings requires 3.68934881474191E19 bytes I think we’re probably safe)"</span><br style="font-family: Calibri; font-size: medium;"></div></div><div><span style="font-family: Calibri; font-size: medium;"><br></span></div><div>Thanks,</div><div>Jarret</div><div><br></div><div><br></div><span id="OLK_SRC_BODY_SECTION"><div style="font-family:Calibri; font-size:11pt; text-align:left; color:black; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none; PADDING-BOTTOM: 0in; PADDING-LEFT: 0in; PADDING-RIGHT: 0in; BORDER-TOP: #b5c4df 1pt solid; BORDER-RIGHT: medium none; PADDING-TOP: 3pt"><span style="font-weight:bold">From: </span> Abu Shohel Ahmed <<a href="mailto:ahmed.shohel@ericsson.com">ahmed.shohel@ericsson.com</a>><br><span style="font-weight:bold">Date: </span> Monday, February 10, 2014 at 8:19 AM<br><span style="font-weight:bold">To: </span> "<a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a>" <<a href="mailto:openstack-security@lists.openstack.org">openstack-security@lists.openstack.org</a>><br><span style="font-weight:bold">Subject: </span> [Openstack-security] Authentication token generation using UUID<br></div><div><br></div><div><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;"><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_9_1392041012083_105" style="font-size: 13px;">Hi,</span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span style="font-size: small;"><br id="yui_3_13_0_ym1_9_1392041012083_27"></span></div><div 
style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_1_1392041012083_8568" style="font-size: small;">Currently, Keystone Token provider (both PKI and UUID) relies on uuid.uuid4 to generate token which</span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_1_1392041012083_8567" style="font-size: small;">is used as an authentication token during its lifetime. </span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span style="font-size: small;"><br id="yui_3_13_0_ym1_9_1392041012083_59"></span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><div style="padding: 0px; margin: 0px; font-size: 11px; font-family: Menlo;"><span id="yui_3_13_0_ym1_1_1392041012083_7734" style="color: rgb(206, 121, 36);">def</span> <span id="yui_3_13_0_ym1_1_1392041012083_8662" style="color: rgb(52, 187, 199);">_get_token_id</span>(self,
token_data):</div><p id="yui_3_13_0_ym1_1_1392041012083_7643" style="padding: 0px; margin: 0px; font-size: 11px; font-family: Menlo;"></p><div style="padding: 0px; margin: 0px; font-size: 11px; font-family: Menlo;"><span id="yui_3_13_0_ym1_9_1392041012083_40"><font color="#0220b3" id="yui_3_13_0_ym1_9_1392041012083_52"> </font></span><span style="color: rgb(206, 121, 36);">return</span> uuid.uuid4().<span id="yui_3_13_0_ym1_9_1392041012083_34" style="color: rgb(52, 187, 199);">hex</span></div></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span style="font-size: small;"><br></span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_1_1392041012083_8663" style="font-size: 13px;">My question is how secure the UUID4 token is. According to RFC 4122:</span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span style="font-size: small;"><br id="yui_3_13_0_ym1_9_1392041012083_64"></span></div><pre class="newpage" id="yui_3_13_0_ym1_9_1392041012083_68" style="font-family: 'Courier New'; margin-top: 0px; margin-bottom: 0px; white-space: pre-wrap; font-size: 16px; page-break-before: always;"><span id="yui_3_13_0_ym1_1_1392041012083_8518" style="font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;">"Do not assume that UUIDs are hard to guess; they should not be used
as security capabilities (identifiers whose mere possession grants
access)"</span></pre><pre class="newpage" id="yui_3_13_0_ym1_9_1392041012083_68" style="font-family: 'Courier New'; margin-top: 0px; margin-bottom: 0px; white-space: pre-wrap; font-size: 1em; page-break-before: always;"><br></pre><div style="padding: 0px; margin: 0px; font-size: 11px; font-family: Menlo; color: rgb(2, 32, 179);"><span id="yui_3_13_0_ym1_9_1392041012083_71" style="color: rgb(52, 187, 199);"><br id="yui_3_13_0_ym1_9_1392041012083_77"></span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_9_1392041012083_74" style="font-size: 13px;">The implementation of UUID4 relies on os.urandom() which provides pretty good randomness. However, there are still </span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_9_1392041012083_83" style="font-size: 13px;">concerns about its randomness. See the thread here
<a href="http://stackoverflow.com/questions/817882/unique-session-id-in-python">http://stackoverflow.com/questions/817882/unique-session-id-in-python</a>. </span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_9_1392041012083_100" style="font-size: small;"><br id="yui_3_13_0_ym1_9_1392041012083_102"></span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 16px;"><span id="yui_3_13_0_ym1_9_1392041012083_95" style="font-size: 13px;">Should it be a security bug for Keystone? If it is, both the PKI and UUID token generation processes are vulnerable.</span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;"><span id="yui_3_13_0_ym1_9_1392041012083_107"><br id="yui_3_13_0_ym1_9_1392041012083_113"></span></div><div style="padding: 0px; margin: 0px; font-family: HelveticaNeue, 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif; font-size: 13px;"><span id="yui_3_13_0_ym1_9_1392041012083_110">...shohel</span></div></div></div></span></body></html>
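To make the bit-counting in the reply concrete, here is an added example (not code from the thread or from Keystone) that checks whether a 32-character hex token, the form `_get_token_id` returns, carries the RFC 4122 v4 fixed bits, and works out the 122-bit, 2^61 and 3.69e19-byte figures quoted above. The function names are mine; the bit positions follow RFC 4122's field layout.

```python
import math
import uuid

# Fixed-bit layout of an RFC 4122 version-4 UUID, viewed as a 128-bit big-endian integer:
#   bits 76..79  version nibble, always 0b0100 (4) for uuid4
#   bits 62..63  variant bits, always 0b10 for the RFC 4122 variant
# Everything else (128 - 4 - 2 = 122 bits) comes straight from os.urandom in uuid.uuid4().
VERSION_SHIFT, VARIANT_SHIFT = 76, 62
RFC4122_VARIANT = 0b10
RANDOM_BITS = 128 - 4 - 2


def fixed_bits(u: uuid.UUID) -> tuple:
    """Return (version, variant) exactly as RFC 4122 lays them out in the integer form."""
    return (u.int >> VERSION_SHIFT) & 0xF, (u.int >> VARIANT_SHIFT) & 0x3


def is_rfc4122_v4(token_hex: str) -> bool:
    """True only for a 32-char hex token whose fixed bits say 'version 4, RFC variant'.

    A token passing this check has 122 random bits if it really came from uuid4();
    a v1 token (time + MAC based) or malformed input fails it.
    """
    if len(token_hex) != 32:
        return False
    try:
        return fixed_bits(uuid.UUID(hex=token_hex)) == (4, RFC4122_VARIANT)
    except ValueError:
        return False


def collision_probability(n_tokens: int, random_bits: int = RANDOM_BITS) -> float:
    """Birthday-bound estimate 1 - exp(-k^2 / 2N) that two of k live tokens coincide."""
    space = 2 ** random_bits
    return 1.0 - math.exp(-(n_tokens ** 2) / (2 * space))


def storage_bytes(n_tokens: int, token_bytes: int = 16) -> int:
    """Raw bytes needed merely to store that many 128-bit tokens (the thread's 2^61 figure)."""
    return n_tokens * token_bytes


if __name__ == "__main__":
    tok = uuid.uuid4().hex            # same call Keystone's _get_token_id makes
    print(tok, "v4 fixed bits ok:", is_rfc4122_v4(tok))
    print("random bits per token:", RANDOM_BITS)
    print("P(collision) with 2^61 live tokens:", round(collision_probability(2 ** 61), 3))
    print("bytes to store 2^61 tokens:", storage_bytes(2 ** 61))
```

The check is a defender's sanity test: a token store holding values that fail `is_rfc4122_v4` was not produced by the code quoted in the thread.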