[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: XDM has the same problem as netscape ?!

To: [email protected]
Subject: Re: XDM has the same problem as netscape ?!
From: "Josh M. Osborne" <[email protected]>
Date: Thu, 21 Sep 1995 20:19:23 -0400
Cc: [email protected]
In-Reply-To: Your message of "21 Sep 1995 11:49:59 EDT." <[email protected]>
Sender: [email protected]

In message <[email protected]>, Ian Goldberg writes:
>In article <[email protected]>,
>Nelson Minar <[email protected]> wrote:
>>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>>the same problem: the random seed was based on the current time to the
>>microsecond, modulo the granularity of the system clock. I think I
>>figured that on my hardware, if I could figure out which minute the X
>>server started (easy with finger), I'd only have to try a few
>>thousand keys or so. Caveat: I never actually proved the idea.
>
>Wow.  I just checked, and Nelson's right.
[...]

Of corse you can do what I have been doing for years:

$cookie=`good-source-or-random-hex-strings`
xauth add $DISPLAY MIT-MAGIC-COOKIE-1 $cookie
xinit ~/.xinitrc $DISPLAY -- $server :$port -auth $XAUTHORITY

(assuming you set the various variables correctly)

This will allow you to gennerate your own cookies rather then
relying on MIT.  (I actually have C code to set the cookie dirrectly,
since I don't really care to have it visable to ps, even breifly).

Unfortunitly X will blat the "secret" out in the clear every time you
make an X connection, so it still isn't very good.

References:
- XDM has the same problem as netscape ?!
  - From: [email protected] (Ian Goldberg)

Prev by Date: Anyone for testing MOSS?
Next by Date: Netscape to end Linux support?
Prev by thread: XDM has the same problem as netscape ?!
Next by thread: Re: Netscape is doing well -- give 'em a break.
Index(es):
- Date
- Thread