Get codepoints in java
3/30/2023

This blog post details a technique for cracking Apache Commons Lang 3 RandomStringUtils.randomAlphanumeric(count) and, more generally, Java's Random.nextInt(bound) for odd values of bound. As far as we are aware, this is a novel approach and improves upon the existing techniques for attacking Java's random number generation in this specific case. We have implemented the attack and released it publicly here.

Introduction

During a recent white-box assessment, we came across RandomStringUtils.randomAlphanumeric being used in a security sensitive context. We knew it used Java's weak Random class but were interested in seeing how practically exploitable it actually was, so we decided to dig into it and see how it worked under the hood.

After a few days of staring at equations and debugging off-by-ones, we ended up with a tool that could recover the Java Random instance seed and predict future outputs of RandomStringUtils.randomAlphanumeric in under a minute on average. We realised this approach led to a more general attack against Random.nextInt(bound) for odd values of bound, so we extended the tool to support this too.

In this blog post, we'll look at some prior work in this area, give some background about RandomStringUtils and Java's random number generation, then finally go through our approach of attacking it.

Prior Work

Before diving in, we scoured the internet for existing research or tools to make sure we weren't reinventing the wheel.

The underlying algorithm of Random is a linear congruential generator, so we began our search there, looking specifically at generic attacks against truncated LCGs, which is close to what RandomStringUtils.randomAlphanumeric and Random.nextInt use. Truncated LCGs have been studied extensively; there are papers, tools and some CTF challenges about breaking them, but none of these seemed to be directly applicable to our situation at hand.

Getting closer to the concrete problem itself, we found a few tools targeting Random.nextInt specifically. fransla/randcrack is able to crack nextInt(bound) but only treats the case of even values of bound. It does this by using the fact that when the bound is even, a few bits of the state are directly leaked in the outputs. This script uses a similar idea for the specific case of bound = 4 but attacks the truncated LCG with lattice reduction techniques. A shortcoming of these tools we found is that their underlying ideas don't apply when the bound is odd, which, as we'll see, is the case for RandomStringUtils.randomAlphanumeric.

14/02/23 Update: After publishing this blog post, we were made aware of mjtb49/LattiCG which implements a generic way of recovering a Java Random seed that satisfies certain output conditions in the form of inequalities. This tool uses lattice reduction techniques and a branch and bound algorithm, which manages to also handle the case when the bound is odd. Similarly to the tool presented in this post, this tool slows down as the bound gets very small, but both are still quite practical for most applications.

After a bit more searching, we eventually stumbled across alex91ar/randomstringutils which implements a practical exploit against RandomStringUtils.randomAlphanumeric – exactly what we were looking for! The approach used in this tool takes advantage of the first character of the output string to reduce the search space. While this is a great tool and could serve our purpose, even running on 20 cores it can still take up to an hour to recover the state. We decided there were ways to do this more efficiently, so we started our research into new ideas. The approach we use in our tool is a lot more elementary, but manages to perform just as well or better than existing tools in most cases.

This section will give a brief overview of RandomStringUtils.randomAlphanumeric and Random.nextInt. It can be safely skipped if you are already familiar with how these work.

RandomStringUtils.randomAlphanumeric

Apache Commons Lang 3 is a popular Java library that provides all sorts of helper utilities. One such utility is the RandomStringUtils class, which is commonly used to generate random alphanumeric strings with the RandomStringUtils.randomAlphanumeric method. The API is simple – a call to RandomStringUtils.randomAlphanumeric(count) returns a string containing exactly count alphanumeric characters. Although the second line of the documentation page warns that the randomness used in this class is not cryptographically secure, the use of these methods in security sensitive contexts is unfortunately not too rare.
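The post's prior-work discussion rests on one fact about java.util.Random: nextInt(bound) exposes bits of the internal state verbatim when bound is even, and does not when bound is odd. The block below is an added example, not code from the original post or from any of the tools it cites. It models the JDK's 48-bit linear congruential generator in Python (the constants 0x5DEECE66D, 0xB and the 48-bit mask are the documented ones), mirrors nextInt(bound) including its rejection loop, and measures the leak for even, power-of-two and odd bounds. The randomAlphanumeric model at the end is an assumption from my reading of Commons Lang 3.x (draws over ' '..'z', a gap of 91, keeping only letters and digits); it exists only to show that the bound behind randomAlphanumeric is odd.

```python
# Added example (not from the original post or the tools it cites):
# a Python model of java.util.Random's 48-bit LCG, used to show why
# Random.nextInt(bound) hands out state bits directly when bound is even
# and why that shortcut disappears when bound is odd.

MULTIPLIER = 0x5DEECE66D
ADDEND = 0xB
MASK = (1 << 48) - 1


class JavaRandom:
    """Bit-for-bit model of java.util.Random (48-bit linear congruential generator)."""

    def __init__(self, seed: int):
        # Random(long seed) scrambles the caller's seed with the multiplier.
        self.seed = (seed ^ MULTIPLIER) & MASK
        self.last_raw = None  # the 31-bit draw behind the most recent next_int()

    def next(self, bits: int) -> int:
        # One LCG step; callers only ever see the top `bits` bits of the new state.
        self.seed = (self.seed * MULTIPLIER + ADDEND) & MASK
        return self.seed >> (48 - bits)

    def next_int(self, bound: int) -> int:
        """Mirror of Random.nextInt(int bound) from the JDK."""
        if bound <= 0:
            raise ValueError("bound must be positive")
        r = self.next(31)
        m = bound - 1
        if bound & m == 0:
            # Power of two: the result is simply the top log2(bound) bits of r.
            self.last_raw = r
            return (bound * r) >> 31
        u = r
        r = u % bound
        # Rejection loop with the JDK's signed 32-bit overflow test made explicit:
        # a draw is discarded when u - r + m would overflow an int.
        while u - r + m >= (1 << 31):
            u = self.next(31)
            r = u % bound
        self.last_raw = u
        return r


def leaked_bit_count(bound: int) -> int:
    """Bits of the 31-bit draw that one nextInt(bound) output reveals verbatim.

    Power of two: the whole output is the top log2(bound) bits of the draw.
    Other even bounds: the low k bits, where 2^k is the largest power of two
    dividing bound, because u mod bound keeps u mod 2^k. Odd bounds: none.
    """
    if bound & (bound - 1) == 0:
        return bound.bit_length() - 1
    return (bound & -bound).bit_length() - 1


def direct_leak_holds(seed: int, bound: int, samples: int = 64) -> bool:
    """Check on `samples` outputs that the bits named by leaked_bit_count
    can be read straight off the output."""
    rng = JavaRandom(seed)
    k = leaked_bit_count(bound)
    for _ in range(samples):
        out = rng.next_int(bound)
        raw = rng.last_raw
        if bound & (bound - 1) == 0:
            if out != raw >> (31 - k):
                return False
        elif out & ((1 << k) - 1) != raw & ((1 << k) - 1):
            return False
    return True


def parity_agreement(seed: int, bound: int, samples: int = 2000) -> float:
    """Fraction of outputs whose low bit equals the low bit of the draw.
    Even bound: exactly 1.0 (a state bit leaks). Odd bound: about 0.5."""
    rng = JavaRandom(seed)
    hits = 0
    for _ in range(samples):
        out = rng.next_int(bound)
        hits += (out & 1) == (rng.last_raw & 1)
    return hits / samples


def random_alphanumeric(rng: JavaRandom, count: int) -> str:
    """Assumption: model of RandomStringUtils.randomAlphanumeric(count) as I read
    Commons Lang 3.x: draw nextInt(gap) + ' ' over ' '..'z' (gap 91, which is
    odd) and keep only letters and digits until `count` have been collected."""
    start, end = ord(" "), ord("z") + 1
    gap = end - start  # 91
    out = []
    while len(out) < count:
        ch = chr(rng.next_int(gap) + start)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    print("nextInt(6) leaks", leaked_bit_count(6), "bit;", "parity agreement", parity_agreement(7, 6))
    print("nextInt(91) leaks", leaked_bit_count(91), "bits;", "parity agreement", parity_agreement(7, 91))
    print("sample string:", random_alphanumeric(JavaRandom(1), 12))
```

With an even bound the parity check agrees on every output, which is the bit leak that fransla/randcrack builds on; with the odd bound 91 it agrees about half the time, so nothing about the draw is readable from a single output and a different technique is needed. On the defensive side, Commons Lang 3 provides an overload, RandomStringUtils.random(count, start, end, letters, numbers, chars, random), that accepts a java.util.Random of the caller's choosing, so passing a java.security.SecureRandom there (or using any other CSPRNG-backed generator) removes the LCG from the picture entirely.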