[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XDM has the same problem as netscape ?!



In article <[email protected]>,
Nelson Minar <[email protected]> wrote:
>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>the same problem: the random seed was based on the current time to the
>microsecond, modulo the granularity of the system clock. I think I
>figured that on my hardware, if I could figure out which minute the X
>server started (easy with finger), I'd only have to try a few
>thousand keys or so. Caveat: I never actually proved the idea.

Wow.  I just checked, and Nelson's right.

The seed is this:
#ifdef ITIMER_REAL
    {
        struct timeval  now;

        X_GETTIMEOFDAY (&now);
        ldata[0] = now.tv_sec;
        ldata[1] = now.tv_usec;
    }
#else
    {
        long    time ();

        ldata[0] = time ((long *) 0);
        ldata[1] = getpid ();
    }
#endif

and if you don't have XDMAUTH defined, the auth value is this:

        seed = (ldata[0]) + (ldata[1] << 16);
        srand (seed);
        for (i = 0; i < len; i++)
        {
            value = rand ();
            auth[i] = value & 0xff;
        }


Oh, well.  We knew X didn't have much in the way of security, anyway...

   - Ian