From: iagoldbe@csclub.uwaterloo.ca (Ian Goldberg)
Date: Thu, 21 Sep 95 08:50:26 PDT
To: cypherpunks@toad.com
Subject: XDM has the same problem as netscape ?!
In-Reply-To: <199509202041.NAA07036@comsec.com>
Message-ID: <43s1j7$nd3@calum.csclub.uwaterloo.ca>
MIME-Version: 1.0
Content-Type: text/plain


In article <9509210631.AA18308@sfi.santafe.edu>,
Nelson Minar <nelson@santafe.edu> wrote:
>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>the same problem: the random seed was based on the current time to the
>microsecond, modulo the granularity of the system clock. I think I
>figured that on my hardware, if I could figure out which minute the X
>server started (easy with finger), I'd only have to try a few
>thousand keys or so. Caveat: I never actually proved the idea.

Wow.  I just checked, and Nelson's right.

The seed is this:
#ifdef ITIMER_REAL
    {
        struct timeval  now;

        X_GETTIMEOFDAY (&now);
        ldata[0] = now.tv_sec;
        ldata[1] = now.tv_usec;
    }
#else
    {
        long    time ();

        ldata[0] = time ((long *) 0);
        ldata[1] = getpid ();
    }
#endif

and if you don't have XDMAUTH defined, the auth value is this:

        seed = (ldata[0]) + (ldata[1] << 16);
        srand (seed);
        for (i = 0; i < len; i++)
        {
            value = rand ();
            auth[i] = value & 0xff;
        }


Oh, well.  We knew X didn't have much in the way of security, anyway...

   - Ian