James Dunne

Reputation: 3677

What types of attacks are possible against this password generation scheme?

The code that follows uses the PRNG (pseudo random number generator) Random class to generate password characters for the initial temporary password instead of the much more cryptographically secure RNGCryptoServiceProvider as it should have used.

However, it does use the RNGCryptoServiceProvider to generate a seed for the PRNG, so I'm thinking that's maybe worth something, instead of seeding based on the current time of day as is typical practice when using a PRNG where security is not a concern.

My question is: how easy or difficult is this approach to attack in order to compromise the password generation system and guess new users' passwords?

// Generate 4 random bytes.
byte[] randomBytes = new byte[4];
RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
rng.GetBytes(randomBytes);

// Convert 4 bytes into a 32-bit integer value.
int seed = (randomBytes[0] & 0x7f) << 24 | randomBytes[1] << 16 | randomBytes[2] << 8 | randomBytes[3];

// Now, this is real randomization.
Random random = new Random(seed);

The code then goes on to use random.Next() to generate characters to fill in the password string.

DISCLAIMER: This code is not of my invention. Do not blame me for it nor offer suggestions on how to fix it. I know how to fix it and I know it is bad. Do not waste time replying as such. Any comments or answers to this effect will be flagged as spam. I only found it in our code and am curious about its "security" properties.

Upvotes: 1

Views: 238

Answers (1)

csharptest.net

Reputation: 64248

The issue with PRNG functions is that of predictability: being able to predict its output based on previous output. The reason to avoid using the Random class is that by monitoring its output, one can then start to predict future output.

The code above may or may not be a problem. This boils down to how often the Random class is instantiated. If you are creating a new instance with a seed from a crypto-strength PRNG and generating only a single password from that then you should be OK. I say this because even if I learn the state of the PRNG from one generated password, it has no relationship to future passwords generated.

If you instead are using this routine to initialize a static instance of Random, then you certainly have a potential problem. Let's say someone used this approach to send temporary reset passwords to an email. An attacker could reset their own password enough times to start predicting the future passwords. Once he can predict the next password, he simply initiates the reset for the account he wishes to compromise. Already knowing the password that was emailed, he can then access the account.

Upvotes: 5
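
The following is an added example, not code from the question or the answer, contrasting the two cases the answer distinguishes: a fresh `Random` per password versus one shared instance. The alphabet, the password length and the use of `Next(int)` to pick characters are assumptions, since the page shows only the seeding step.

```csharp
using System;
using System.Security.Cryptography;

static class SeededRandomDemo
{
    // Assumed alphabet and length; the page does not show how characters are chosen.
    const string Alphabet = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";
    const int Length = 12;

    // Same seed derivation as the question: 4 CSPRNG bytes, sign bit cleared.
    static int NewSeed()
    {
        byte[] b = new byte[4];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(b);
        return (b[0] & 0x7f) << 24 | b[1] << 16 | b[2] << 8 | b[3];
    }

    static string NextPassword(Random random)
    {
        var chars = new char[Length];
        for (int i = 0; i < Length; i++)
            chars[i] = Alphabet[random.Next(Alphabet.Length)];
        return new string(chars);
    }

    static void Main()
    {
        // Case 1: one Random per password, each with a fresh seed.
        // The password is a pure function of its seed, so at most 2^31
        // distinct passwords exist, however long the string is.
        int seed = NewSeed();
        bool sameSeedSamePassword =
            NextPassword(new Random(seed)) == NextPassword(new Random(seed));
        double alphabetBits = Length * Math.Log(Alphabet.Length, 2);
        Console.WriteLine($"same seed gives same password: {sameSeedSamePassword}");
        Console.WriteLine($"alphabet allows {alphabetBits:F1} bits; the seed caps it at 31");

        // Case 2: one shared instance serving every request. 'model' stands for
        // any party that holds the generator state (here simply given the seed).
        int sharedSeed = NewSeed();
        var shared = new Random(sharedSeed);
        var model = new Random(sharedSeed);
        for (int i = 0; i < 5; i++) { NextPassword(shared); NextPassword(model); }
        bool nextKnown = NextPassword(model) == NextPassword(shared);
        Console.WriteLine($"next password known before it is issued: {nextKnown}");
    }
}
```

In the first case each password is independent of the others, but its strength is bounded by the 31-bit seed, not by its length. In the second, every password issued after the state is known is determined in advance.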
