UuidCreate是否使用CSPRNG? [英] Does UuidCreate use a CSPRNG?
问题描述
请注意,这不是我的 应用程序,它是我为客户端聚集的应用程序。我通常在 http://security.stackexchange.com/ 上提出这样的问题,但是由于这是更多的编程相关我已经问过
授予, UUID的RFC 4122 不指定类型4 UUID必须由密码安全伪随机数生成器(CSPRNG)生成。它只是说
将所有其他位随机(或伪随机)选择
值。
虽然,该算法的一些实现,如这一个在Java中,请使用CSPRNG。
我试图探究Microsoft的实现是否有。主要是关于.NET或MSSQL Server如何生成它们。
检查 .NET源代码,我们可以看到这个代码:
Marshal.ThrowExceptionForHR(Win32Native。 CoCreateGuid(out guid),new IntPtr(-1));
return guid;
检查 CoCreateGuid docco,表示
CoCreateGuid函数调用RPC函数UuidCreate
功能是此处。
现在,是否有任何关于 UuidCreate 的信息,
- a href =http://stackoverflow.com/questions/2621563/how-random-is-system-guid-newguid-take-two>如何随机是System.Guid.NewGuid()? (两个)
- 是否使用GUID生成一个随机字符串和数字的有效方式?
- GUID安全无法验证?
- 如何在SQL Server中生成GUID? li>
第一个说:
GUID不保证随机性,它保证了
的唯一性。如果你想随机,使用随机来生成
字符串。
我同意这一点,不可预测的数字,你当然会使用CSPRNG代替随机(例如 RNGCryptoServiceProvider )。
而后者的状态(实际上从维基百科引用):
WinAPI GUID生成器的密码分析显示,因为V4 GUID的
序列是伪随机的;给定对
内部状态的充分了解,可以预测先前和随后的
值
在篱笆的另一侧来自Will Dean的此帖说
< blockquote>
我最后一次查看这个(几年前,可能是XP SP2),I
直接进入操作系统代码看看实际上是
发生,并且它使用安全的
随机数生成器生成随机数。
当然,即使它当前使用CSPRNG这将是实现特定的,并且可以随时更改(例如任何更新到Windows)。不太可能,但理论上可能。
我的观点是没有规范的参考,上面是为了证明我做了我的研究,参考任何权威。
原因是我试图决定是否需要更改使用GUID的身份验证令牌的系统。从纯设计的角度来看,答案是肯定的是,但是从实际的角度来看,如果Windows UuidCreate CSPRNG,那么系统就没有立即的风险。任何人都可以在这方面有任何亮点吗?
我正在寻找任何有信誉来源的答案来备份。
虽然我仍然只是一个在互联网上的家伙,我只是重复的步骤进入UuidCreate,在一个32位的应用程序运行在64位版本
code>> 0018f670 7419b886 bcryptPrimitives!SymCryptAesExpandKeyInternal + 0x7f
> 0018f884 7419b803 bcryptPrimitives!SymCryptRngAesGenerateSmall + 0x68
> 0018f89c 7419ac08 bcryptPrimitives!SymCryptRngAesGenerate + 0x3b
> 0018f8fc 7419aaae bcryptPrimitives!AesRNGState_generate + 0x132
> ProcessFrags + 0x4e
> 0018f93c 748346a1 RPCRT4!GenerateRandomNumber + 0x11
> 0018f950 00dd127a RPCRT4!UuidCreate + 0x11
很明显,它使用基于AES的RNG生成数字。通过调用其他人的GUID生成函数生成的GUID仍然不适合用作不可猜测的身份验证令牌,因为这不是GUID生成函数的目的 - 你只是利用副作用。
您的不太可能,但理论上可能。关于操作系统版本之间的实现的变化,这是在UuidCreate的文档中的这个声明的谎言:
如果你不需要这个级别的安全性,您的应用程序可以使用UuidCreateSequential函数,其行为与操作系统的所有其他版本上的UuidCreate函数完全一样。
ie它以前是更可预测的,现在它不太可预测。
Note that this is not my application, it is an application I am pentesting for a client. I usually ask questions like this on http://security.stackexchange.com/, however as this is more programming related I have asked on here.
Granted, RFC 4122 for UUIDs does not specify that type 4 UUIDs have to be generated by a Cryptographically Secure Pseudo Random Number Generator (CSPRNG). It simply says
Set all the other bits to randomly (or pseudo-randomly) chosen values.
Although, some implementations of the algorithm, such as this one in Java, do use a CSPRNG.
I was trying to dig into whether Microsoft's implementation does or not. Mainly around how .NET or MSSQL Server generates them.
Checking the .NET source we can see this code:
Marshal.ThrowExceptionForHR(Win32Native.CoCreateGuid(out guid), new IntPtr(-1));
return guid;
Checking the CoCreateGuid docco, it states
The CoCreateGuid function calls the RPC function UuidCreate
All I can find out about this function is here. I seem to have reached the end of the rabbit hole.
Now, does anyone have any information on how UuidCreate generates its UUIDs?
I've seen many related posts:
- How Random is System.Guid.NewGuid()? (Take two)
- Is using a GUID a valid way to generate a random string of characters and numbers?
- How securely unguessable are GUIDs?
- how are GUIDs generated in SQL Server?
The first of which says:
A GUID doesn't make guarantees about randomness, it makes guarantees around uniqueness. If you want randomness, use Random to generate a string.
I agree with this except in my case for random, unpredictable numbers you'd of course use a CSPRNG instead of Random (e.g. RNGCryptoServiceProvider).
And the latter states (actually quoted from Wikipedia):
Cryptanalysis of the WinAPI GUID generator shows that, since the sequence of V4 GUIDs is pseudo-random; given full knowledge of the internal state, it is possible to predict previous and subsequent values
Now, on the other side of the fence this post from Will Dean says
The last time I looked into this (a few years ago, probably XP SP2), I stepped right down into the OS code to see what was actually happening, and it was generating a random number with the secure random number generator.
Of course, even if it was currently using a CSPRNG this would be implementation specific and subject to change at any point (e.g. any update to Windows). Unlikely, but theoretically possible.
My point is that there's no canonical reference for this, the above was to demonstrate that I've done my research and none of the above posts reference anything authoritative.
The reason is that I'm trying to decide whether a system that uses GUIDs for authentication tokens needs to be changed. From a pure design perspective, the answer is a definite yes, however from a practical point of view, if the Windows UuidCreate function does infact use a CSPRNG, then there is no immediate risk to the system. Can anyone shed any light on this?
I'm looking for any answers with a reputable source to back it up.
Although I'm still just some guy on the Internet, I have just repeated the exercise of stepping into UuidCreate, in a 32-bit app running on a 64-bit version of Windows 10.
Here's a bit of stack from part way through the process:
> 0018f670 7419b886 bcryptPrimitives!SymCryptAesExpandKeyInternal+0x7f
> 0018f884 7419b803 bcryptPrimitives!SymCryptRngAesGenerateSmall+0x68
> 0018f89c 7419ac08 bcryptPrimitives!SymCryptRngAesGenerate+0x3b
> 0018f8fc 7419aaae bcryptPrimitives!AesRNGState_generate+0x132
> 0018f92c 748346f1 bcryptPrimitives!ProcessPrng+0x4e
> 0018f93c 748346a1 RPCRT4!GenerateRandomNumber+0x11
> 0018f950 00dd127a RPCRT4!UuidCreate+0x11
It's pretty clear that it's using an AES-based RNG to generate the numbers. GUIDs generated by calling other people's GUID generation functions are still not suitable for use as unguessable auth tokens though, because that's not the purpose of the GUID generation function - you're merely exploiting a side effect.
Your "Unlikely, but theoretically possible." about changes in implementation between OS versions is rather given the lie by this statement in the docs for "UuidCreate":
If you do not need this level of security, your application can use the UuidCreateSequential function, which behaves exactly as the UuidCreate function does on all other versions of the operating system.
i.e. it used to be more predictable, now it's less predictable.
这篇关于UuidCreate是否使用CSPRNG?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
