Presented at
Kiwicon V: It Goes b00m (2011),
Nov. 5, 2011, 9:30 a.m.
(30 minutes).
It's 6pm in the office and your coffee is cold. You thought you were so smart when you decided to create a custom ssh channel protocol to run inter-cluster distribution, but now you're deep in the guts of the SSH library and something looks out of place. The call to random:uniform/1 anywhere else would be innocent, but your heart sinks as your mind races: wrong kind of random, no entropy mixing - could you guess the seed? And if you could, what else would be yours for the taking? A bug, a conjecture, a half-arsed network stack, a lot of coffee and googling, a one-shot pcap->private key recovery script.
Presenters:
-
Geoff Cant / Archaelus
Geoff Cant is the world's most interesting Erlang Hacker in New Zealand. He doesn't often spot security bugs in obscure programming languages but when he does he weaponizes them. More prosaically of late, he builds interesting distributed systems for mobile gaming platforms at ngmoco:) and finds entirely too little free-time to devote to an ever-expanding collection of github projects.
Links:
Similar Presentations: