One thing about this bug is "why does a JSON parser need random numbers?"

The answer is that all libraries need random numbers. It's one of the things they don't teach you in computer science class.

news.ycombinator.com/item?id=264636…
While a JSON parser parses the input, it puts things into a hash table, which is very efficient ON AVERAGE. But if a hacker constructs the input in a special way, it becomes very inefficient -- essentially, it'll crash/hang.
Thus, you need to randomize where things get placed in a hash table such that a hacker can't possibly guess the order. This means grabbing a TRULY random number from the operating system or hardware.
You can't calculate an unpredictable number yourself with pure math, because hackers can execute the same math. You must instead grab external events, such as random motion of molecules in a chip, or random arrival times of packets on the network.
Unfortunately, there is no way to do this in a standard way -- well, there is NOW, but not for older systems, so libraries do ad hoc ways to figure it out for themselves -- and often make mistakes, such as this one.
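As an added example (not code from the thread or from the author's project), here is a small C program showing the attack the thread describes. The string hash is hypothetical, assumed for illustration: an FNV-style byte fold keyed by a seed, with a murmur3 finalizer so the seed reaches every output bit. The attacker brute-forces keys that collide under a seed he knows (seed 0 stands in for "the library hard-codes its seed"), then the same keys are hashed under a seed he does not know.

```c
/* Hash flooding vs. a seeded hash: keys chosen to collide under a known seed
 * pile into one bucket; the same keys spread out under a seed the attacker
 * cannot predict. Added example, not the thread author's code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUCKETS 64      /* small table so collisions are cheap to find */
#define NKEYS   100
#define KEYLEN  16

/* Keyed string hash (hypothetical, for illustration): the seed is the
 * initial state, each byte is folded in with an FNV-style multiply, and a
 * murmur3-style finalizer spreads the bits before the bucket is taken. */
static uint64_t keyed_hash(const char *s, uint64_t seed) {
    uint64_t h = seed ^ 0x9E3779B97F4A7C15ULL;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001B3ULL;
    }
    h ^= h >> 33; h *= 0xFF51AFD7ED558CCDULL;
    h ^= h >> 33; h *= 0xC4CEB9FE1A85EC53ULL;
    h ^= h >> 33;
    return h;
}

/* Attacker side: knowing the seed, brute-force keys "k<n>" until NKEYS of
 * them land in bucket 0. About BUCKETS*NKEYS candidates are needed. */
static void craft_colliding_keys(char keys[NKEYS][KEYLEN], uint64_t known_seed) {
    int found = 0;
    for (unsigned n = 0; found < NKEYS; n++) {
        char buf[KEYLEN];
        snprintf(buf, sizeof buf, "k%u", n);
        if (keyed_hash(buf, known_seed) % BUCKETS == 0)
            strcpy(keys[found++], buf);
    }
}

/* Defender side: insert the keys into a table hashed with `seed` and report
 * the longest chain, i.e. the worst-case number of entries a lookup walks. */
static int max_bucket_load(char keys[NKEYS][KEYLEN], uint64_t seed) {
    int load[BUCKETS] = {0}, worst = 0;
    for (int i = 0; i < NKEYS; i++) {
        int b = (int)(keyed_hash(keys[i], seed) % BUCKETS);
        if (++load[b] > worst) worst = load[b];
    }
    return worst;
}

/* Keys are crafted against `attacker_seed`; return the worst chain length
 * the table actually sees when it hashes with `table_seed`. */
int flood_worst_chain(uint64_t attacker_seed, uint64_t table_seed) {
    char keys[NKEYS][KEYLEN];
    craft_colliding_keys(keys, attacker_seed);
    return max_bucket_load(keys, table_seed);
}

int main(void) {
    /* Seed 0 stands in for "the library hard-codes its hash seed". */
    printf("predictable seed:   worst chain = %d of %d keys\n",
           flood_worst_chain(0, 0), NKEYS);
    /* Any seed the attacker did not know; a real table draws it at startup. */
    printf("unpredictable seed: worst chain = %d of %d keys\n",
           flood_worst_chain(0, 0x243F6A8885A308D3ULL), NKEYS);
    return 0;
}
```

Under the known seed all 100 keys sit in one chain, so every insert and lookup walks the whole chain and the parser goes quadratic; under the other seed the longest chain is a handful of entries. The attacker's cost was roughly BUCKETS*NKEYS hash evaluations, which is why a fixed seed, or one derived from something the attacker can narrow down such as time(0), is not a defence on its own.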
The way I do it is simply scavenge 'entropy' (true randomness) from as many sources as I can, and mix it together with a hash function. Mixing with a cryptographic hash never makes it less random.
Here is an example. I start by using SHA-2 512 as the function to mix together all the sources of entropy.
github.com/robertdavidgra…
Next is a function that gets the highest resolution timestamp in the system. This is usually good for about 20 bits of randomization, sometimes 30 bits. If all else fails, this often will suffice for many threats.
Then I get the basic things that people have always used for randomization, the current time(0) and getpid() (process id). It's bad, very bad, but it adds a couple bits worth of randomness.
Next is the 'proper' way -- a system call. All the newer operating systems (Windows, macOS, Linux, etc.) provide one that's guaranteed to be secure. Unfortunately, libraries need to support older systems that don't. People deploy new CentOS boxes that don't support it.
Next, it reads from /dev/urandom. One thing to note is that I have no platform-specific #ifdefs around it -- I attempt to open /dev/urandom on all platforms, even Windows where it doesn't exist.
/dev/urandom is the canonical answer they teach you in school, but it actually fails in so many ways. For example, there's a tiny chance a signal (interrupt) may cause it to fail. The biggest reason is that it usually doesn't work in containers.
Looking over the code, I realize this file is unfinished. I am supposed to also read ASLR information: the pointers to the stack, heap, and text segments, treating them as integers, which by themselves are usually enough to make sure this is random.
All these things can fail. You should rely upon a cryptographic library if doing something cryptographic. My goal for this code is to solve the fact that every program needs a random seed for hash tables.
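The sequence the thread walks through, as an added example in C rather than the author's code from the linked repository: each source is absorbed in turn and counted, so a caller can see when it is running somewhere with no getrandom() and no /dev/urandom, and the /dev/urandom read retries on EINTR (the signal case the thread mentions) and short reads. The names (scavenge_seed, absorb, read_urandom) are mine; the mixer is an FNV-1a absorb with a murmur3 finalizer, a non-cryptographic stand-in swapped in so the example needs no library, where the thread mixes with SHA-512. The getrandom() call is wrapped in a Linux-only #ifdef because that header is not portable; the /dev/urandom attempt is not, matching the thread's approach.

```c
/* Entropy scavenging for a hash-table seed, in the order the thread walks
 * through: high-resolution clock, time()/getpid(), getrandom(), /dev/urandom,
 * and ASLR'd addresses, all folded into one 64-bit state. Added example, not
 * the thread author's code. The mixer is a non-cryptographic stand-in
 * (FNV-1a absorb + murmur3 finalizer) used so the example has no library
 * dependency; the thread mixes with SHA-512, which is what you should use. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#if defined(__linux__)
#include <sys/random.h>     /* getrandom(): the "proper" syscall on Linux */
#endif

struct scavenger { uint64_t state; int sources; };

/* Fold `len` bytes into the state. Mixing more data in never removes
 * entropy already absorbed; a bad source merely fails to add any. */
static void absorb(struct scavenger *sc, const void *p, size_t len) {
    const unsigned char *b = p;
    for (size_t i = 0; i < len; i++) {
        sc->state ^= b[i];
        sc->state *= 0x100000001B3ULL;
    }
}

/* Read `len` bytes from /dev/urandom, retrying on EINTR and short reads.
 * Returns 1 on success, 0 if the device is absent or unreadable. */
static int read_urandom(unsigned char *out, size_t len) {
    FILE *f = fopen("/dev/urandom", "rb");   /* tried on every platform */
    if (!f) return 0;
    size_t got = 0;
    while (got < len) {
        size_t n = fread(out + got, 1, len - got, f);
        if (n == 0) {
            if (ferror(f) && errno == EINTR) { clearerr(f); continue; }
            break;
        }
        got += n;
    }
    fclose(f);
    return got == len;
}

/* Returns the seed; *sources_out gets the number of sources that contributed. */
uint64_t scavenge_seed(int *sources_out) {
    struct scavenger sc = { 0xCBF29CE484222325ULL, 0 };
    unsigned char buf[32];
    struct timespec ts;

    /* 1. highest-resolution clocks available: ~20-30 bits on their own */
    if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0) {
        absorb(&sc, &ts.tv_sec, sizeof ts.tv_sec);
        absorb(&sc, &ts.tv_nsec, sizeof ts.tv_nsec);
        sc.sources++;
    }
    if (clock_gettime(CLOCK_REALTIME, &ts) == 0) {
        absorb(&sc, &ts.tv_sec, sizeof ts.tv_sec);
        absorb(&sc, &ts.tv_nsec, sizeof ts.tv_nsec);
        sc.sources++;
    }

    /* 2. the classic, weak sources: time(0) and the process id */
    time_t now = time(NULL);
    pid_t pid = getpid();
    absorb(&sc, &now, sizeof now);
    absorb(&sc, &pid, sizeof pid);
    sc.sources++;

    /* 3. the OS entropy syscall, when this build and kernel have it */
#if defined(__linux__)
    if (getrandom(buf, sizeof buf, GRND_NONBLOCK) == (ssize_t)sizeof buf) {
        absorb(&sc, buf, sizeof buf);
        sc.sources++;
    }
#endif

    /* 4. /dev/urandom, which may be missing (Windows, some containers) */
    if (read_urandom(buf, sizeof buf)) { absorb(&sc, buf, sizeof buf); sc.sources++; }

    /* 5. ASLR: stack, heap and text addresses treated as integers */
    void *heap = malloc(1);
    uintptr_t addrs[3] = { (uintptr_t)&sc, (uintptr_t)heap, (uintptr_t)&scavenge_seed };
    free(heap);
    absorb(&sc, addrs, sizeof addrs);
    sc.sources++;

    /* murmur3 finalizer so every absorbed bit reaches every output bit */
    uint64_t h = sc.state;
    h ^= h >> 33; h *= 0xFF51AFD7ED558CCDULL;
    h ^= h >> 33; h *= 0xC4CEB9FE1A85EC53ULL;
    h ^= h >> 33;
    if (sources_out) *sources_out = sc.sources;
    return h;
}

int main(void) {
    int n;
    uint64_t seed = scavenge_seed(&n);
    printf("seed %016llx from %d sources\n", (unsigned long long)seed, n);
    return 0;
}
```

The source count is the practical check: if it comes back with only the clocks, time/pid and ASLR, the process is on one of the boxes the thread warns about (no syscall, no /dev/urandom), and the seed is good enough to break a hash-flooding attacker's precomputation but nothing more. For anything cryptographic, replace the stand-in mixer with SHA-512 and treat a missing syscall as a hard error rather than a degraded mode.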

Thread by Robᵉʳᵗ Graham😷, provocateur (@ErrataRob)