Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook

[-]
Tags
400 token defeat randomness bad misc because twistword rhme2 2fa

bazirollDefeat 2FA token because of bad randomness - rhme2 Twistword (Misc 400)
#1

Published on Jun 9, 2017
Generating random numbers on computers is not easy. And while the intended solution was really hard, the challenge had a problem with the random number generation, which allowed me to solve it.

Clarification from Andres Moreno (riscure) on the challenge:
"The "official" challenge solution involved reading the tiny Mersenne twister (tinyMT) paper, writing some equations, and using a solver. The tinyMT is tricky to initialize. Giving a proper seed is not enough. You need to provide initial state matrices with certain properties (there is a generator for this). The challenge used improper initialized matrices (zeros) that reduced the PRNG period. During tests, we found that ~12hr were needed to solve the challenge (solver time only), but we did not test the amount of entropy reduction by improper state initialization. Fortunately, the problem was not in the PRNG."

--------------------------------------
Twitter: https://twitter.com/LiveOverflow
Website: http://liveoverflow.com/
Subreddit: https://www.reddit.com/r/LiveOverflow/
  • Category
  • License
    • Standard YouTube License
Reply
#2
Security should always come first, and this approach clearly emphasizes the radius protocol, which makes it possible to use radius two factor authentication with the generation of one-time passwords using universal security tokens.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Breaking ECDSA (Elliptic Curve Cryptography) - rhme2 Secure Filesystem v1.92r1 (crypt baziroll 0 898 05-24-2017 , 12:12 PM
Last Post: baziroll
  Blind Buffer Overflow exploitation to leak secret data - rhme2 Animals (pwn 200) baziroll 0 822 05-12-2017 , 10:15 PM
Last Post: baziroll

Forum Jump:


Users browsing this thread: 1 Guest(s)