1995-09-22 - Re: XDM has the same problem as netscape ?!

Header Data

From: Arve Kjoelen <akjoele@shiva.ee.siue.edu>
To: cypherpunks@toad.com
Message Hash: 4ce1e2e927f655c3938d328da2aa88723c82e6d4342d342b633884e205fd6429
Message ID: <199509221741.MAA27447@shiva.ee.siue.edu>
Reply To: N/A
UTC Datetime: 1995-09-22 17:42:02 UTC
Raw Date: Fri, 22 Sep 95 10:42:02 PDT

Raw message

From: Arve Kjoelen <akjoele@shiva.ee.siue.edu>
Date: Fri, 22 Sep 95 10:42:02 PDT
To: cypherpunks@toad.com
Subject: Re: XDM has the same problem as netscape ?!
Message-ID: <199509221741.MAA27447@shiva.ee.siue.edu>
MIME-Version: 1.0
Content-Type: text/plain


Ian Goldberg wrote:

>Nelson Minar <nelson@santafe.edu> wrote:
>>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>>the same problem: the random seed was based on the current time to the
>>microsecond, modulo the granularity of the system clock. I think I
>>figured that on my hardware, if I could figure out which minute the X
>>server started (easy with finger), I'd only have to try a few
>>thousand keys or so. Caveat: I never actually proved the idea.

>Wow.  I just checked, and Nelson's right.
>[ code extracts snipped]

I just checked X11R6, and the same method is used there, so it hasn't changed
since X11R4.

-Arve.






Thread