113 – CNS Lab 02 - Breaking PRNGs for Fun and Profit Part 2/2

Description

Second laboratory for the Computer Network Security (CNS) course at Tor Vergata during the 2022-2023 academic year.

In the laboratory we introduced a new PRNG called the Mersenne Twister, which is currently the default generator in various popular programming languages, such as Python. We analyzed the inner workings of the Mersenne Twister at an interface level, without delving too much into the specific mathematical formulation.

We then showed an attack on a custom web application which internally used Python's Random.random() to generate password reset codes. The attack consisted of obtaining 624 consecutive direct outputs from the PRNG. From those outputs, an attacker could synchronize a local copy of the Mersenne Twister with the one running on the server. This opened up the possibility of predicting future outputs, as well as of going back into the past and discovering the reset codes of old users registered on the site. With this knowledge, an attacker could then reset the password of each user registered in the system to an arbitrary password chosen by the attacker.
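The state synchronization described above, shown as an added example that is not the lab's own code, next to the fix of issuing reset codes from a CSPRNG. It assumes the generator's outputs are visible as raw 32-bit words (`getrandbits(32)`); `demo`, `clone_from_outputs` and `reset_code` are hypothetical names and the "server" is a constructed local stand-in.

```python
import random
import secrets

def _undo_right(y, shift):
    """Invert the tempering step y ^= y >> shift."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x

def _undo_left(y, shift, mask):
    """Invert the tempering step y ^= (y << shift) & mask."""
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x

def untemper(out):
    """Map one 32-bit MT19937 output back to the state word it came from."""
    y = _undo_right(out, 18)
    y = _undo_left(y, 15, 0xEFC60000)
    y = _undo_left(y, 7, 0x9D2C5680)
    return _undo_right(y, 11)

def clone_from_outputs(outputs):
    """Build a random.Random whose future outputs match the observed generator."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    words = tuple(untemper(o) for o in outputs)
    clone = random.Random()
    # Index 624 forces a state update (twist) before the next output.
    clone.setstate((3, words + (624,), None))
    return clone

def demo(seed=2022, skip=100):
    """Constructed scenario: a generator seen from an arbitrary offset is predictable."""
    server = random.Random(seed)  # assumption: stand-in for the server-side PRNG
    for _ in range(skip):
        server.getrandbits(32)
    observed = [server.getrandbits(32) for _ in range(624)]
    clone = clone_from_outputs(observed)
    return [clone.getrandbits(32) for _ in range(5)] == [server.getrandbits(32) for _ in range(5)]

def reset_code():
    """Mitigation: take reset codes from the OS CSPRNG, which has no recoverable state."""
    return secrets.token_hex(16)

if __name__ == "__main__":
    print("clone predicts next outputs:", demo())
    print("CSPRNG reset code:", reset_code())
```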

Also, I forgot to mention it in the lecture, but an inspiration for the “black-box technique” was this video: https://www.youtube.com/watch?v=RDzsrmMl48I


Timestamps

00:00:00 Previously
00:03:07 The black-box technique
00:07:40 Interfaces and Implementations
00:10:40 A Third PRNG: Mersenne Twister
00:14:00 State and Period of the Mersenne Twister
00:20:40 Initialization Step
00:23:40 State Update Step
00:27:35 Output Generation Step
00:31:00 Overview so far
00:33:00 Attacking the Mersenne Twister
00:44:55 How is it actually implemented?
00:50:00 Introducing WebApp for Example
00:55:40 Exploring WebApp
00:59:00 Analyzing the vulnerability
01:02:30 Exploiting the vulnerability
01:09:40 Running the attack
01:11:32 Introducing CSPRNGs


References / Material

https://github.com/LeonardoE95/yt-it/tree/main/src/2022-10-08-università-teaching-2022-2023-cns-02
https://teaching.leonardotamiano.xyz/cns/labs/lab_02_prng_2/