Hi Zvi,
Thank you for sending the paper.  It's interesting, well-researched, and makes
good points.  Congratulations on completing it and presumably your PhD soon ;)

I have a few comments: 

- In Tomcat, java.security.SecureRandom and not java.util.Random is the default
generator, so as described in the first paragraph of section 5.2 a general PRNG
attack will not be effective against an out-of-the-box Tomcat.

- Your analysis of the toString method's weakness is fascinating.  It is indeed
a JVM implementation matter, as it's always a native method, and as such it's
less in the scope of the Tomcat implementor and more in that of the JVM
implementor.

- You omitted the following details, which are significant in my opinion to the
analysis as it applies to Tomcat.  Tomcat:
  -- Encourages the user to specify a custom entropy value easily as a String.
This value would not be available to an attacker.  Our documentation suggests
using this attribute in security-conscious environments.  Furthermore, this
value may be derived from a program (including /dev/random) and changed with
every run of the server.
  -- Allows the user to plug in any implementation they wish of
java.util.Random to fit their security requirements.
  -- Allows the user to substitute any Manager implementation they wish and
completely implement the session ID generation scheme as their security
requirements dictate.

It is only fair to mention these pluses as you analyze the minuses of Tomcat's
session ID generation scheme. 

Because of these options, I personally think we've made a great tradeoff
between security for the common user and flexibility for security-conscious
servers.  I don't anticipate any action or changes in our implementation
resulting from your paper.

- The final point is minor, but I wanted to mention it as your bibliography is
otherwise nicely done: you have no reference to the Tomcat site itself
(jakarta.apache.org/Tomcat).  That would be appreciated.

I'm copying the tomcat-dev list on this message, so that the discussion is
logged in our archives.  Please feel free to subscribe (send email to
[EMAIL PROTECTED]) to the list and discuss this paper
further.  I am of course not posting the paper to the list, as it's your
property, but I'm sure other developers will find it interesting as well should
you be inclined to post it.

Thanks again ;)

Yoav Shapira

--- Zvi Gutterman <[EMAIL PROTECTED]> wrote:

> 
> Hello,
> 
> I want to make sure I get to the right people.
> 
> thanks,
> 
> Zvi.
> 
> ---------- Forwarded message ----------
> Date: Wed, 18 Aug 2004 16:45:55 +0300 (IDT)
> From: Zvi Gutterman <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: catalina seesion-id prediction
> 
> Hello,
> 
> My name is Zvi Gutterman and I am a PhD student from the Hebrew
> University in Jerusalem, Israel.
> Together with my advisor, Prof. Dahlia Malkhi, we studied the
> Catalina session-id generation algorithm.
> Our results (see attached paper) show that Jakarta servers not using
> /dev/random may be vulnerable to session id prediction.
> The paper will be presented in the RSA 2005 conference (to be
> held in Feb 2005).
> 
> You may want to consider a change in the session-id generation scheme.
> If you need any help or want to discuss our prediction algorithm I will be
> happy to assist.
> 
> regards,
> 
> Zvi.

> ATTACHMENT part 2 application/pdf name=ServletsAttack.pdf
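
Added example (not part of the original messages and not Tomcat's code): a sketch of the configuration options discussed in the thread, a pluggable java.util.Random implementation plus an optional entropy string, with a check that the configured generator is a SecureRandom. The class name SessionIdSketch, its methods and the sample entropy value are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Random;

// Added illustration; class and method names are hypothetical, not Tomcat's.
public class SessionIdSketch {
    private final Random random;

    // randomClass: fully qualified name of a java.util.Random subclass.
    // entropy: optional operator-supplied secret string, may be null.
    public SessionIdSketch(String randomClass, String entropy) throws Exception {
        Random r = (Random) Class.forName(randomClass)
                .getDeclaredConstructor().newInstance();
        if (r instanceof SecureRandom) {
            // Force self-seeding first, so that setSeed() below supplements
            // the existing seed instead of becoming the only seed material.
            r.nextBytes(new byte[1]);
            if (entropy != null) {
                ((SecureRandom) r).setSeed(entropy.getBytes(StandardCharsets.UTF_8));
            }
        } else {
            // java.util.Random holds only 48 bits of state, so a secret seed
            // does not make it suitable for session IDs; entropy is not applied.
            System.err.println("WARNING: " + randomClass + " is not a SecureRandom");
        }
        this.random = r;
    }

    public boolean isCryptographicallyStrong() {
        return random instanceof SecureRandom;
    }

    // 16 random bytes rendered as 32 upper-case hex characters.
    public String generateSessionId() {
        byte[] buf = new byte[16];
        random.nextBytes(buf);
        StringBuilder sb = new StringBuilder(32);
        for (byte b : buf) sb.append(String.format("%02X", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample configuration values.
        SessionIdSketch strong =
                new SessionIdSketch("java.security.SecureRandom", "constructed-sample-entropy");
        SessionIdSketch weak = new SessionIdSketch("java.util.Random", null);
        System.out.println(strong.isCryptographicallyStrong() + " " + strong.generateSessionId());
        System.out.println(weak.isCryptographicallyStrong() + " " + weak.generateSessionId());
    }
}
```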


