[8694] in bugtraq

home help back first fref pref prev next nref lref last post

Re: RSI.0012.12-03-98.SOLARIS.MKCOOKIE

daemon@ATHENA.MIT.EDU (Chris Wedgwood)
Fri Dec 11 00:14:41 1998

Date: 	Fri, 11 Dec 1998 16:00:50 +1300
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Chris Wedgwood <chris@CYBERNET.CO.NZ>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <B5CCB39A0011D2119FC500805FE6B3D20A8788@exchny14.corp.smb.com>;
              from Readwin, Neil on Mon, Dec 07, 1998 at 01:39:05PM -0500

On Mon, Dec 07, 1998 at 01:39:05PM -0500, Readwin, Neil wrote:

> On Solaris mkcookie opens /dev/mem and reads about 8MB of it.
> mkcookie will run and generate a new cookie if you remove the suid
> bit, but I guess said cookie will be, umm, less random.

This reminds me (I may have reported this eons ago, I forget).

An old version of util-linux (some years old) also has a hosed
mcookie program.

You can test this by doing something like;


   while [ 1 ] ; do mcookie >> file ; done

<pause a few minutes> ^C

   sort file | uniq | wc


Basically... I was never able to get more that 16384 (2^14) unique
tokens, a pretty small space compared to the theoretical 2^128.
<Insert usual bit about birthday attack, blah blah blah>

I don't know which version of util-linux it was, but I'm pretty sure
2.5 and above use /dev/random and hence don't have this behaviour.




-Chris

home help back first fref pref prev next nref lref last post