Second laboratory for the Computer Network Security (CNS) course at Tor Vergata during the 2022-2023 academic year.
In the laboratory we introduced a new PRNG called the Mersenne Twister, which is currently implemented in various popular programming languages, such as Python. We analyzed the inner workings of the Mersenne Twister at an interface level, without delving too much into the specific mathematical formulation. We then showed an attack on a custom web application which internally used Python's Random.random() to generate password reset codes. The attack consisted of obtaining \(624\) consecutive direct outputs from the PRNG
\[x_0, x_1, x_2, \ldots, x_{623}\]
From those outputs, an attacker could synchronize a local copy of the Mersenne Twister with the one running on the server. This opened up the possibility of predicting future outputs, as well as of going into the past and discovering the reset codes for old users registered on the site. With this knowledge, an attacker could then reset the password of each user registered in the system to an arbitrary password chosen by the attacker.
Links to the material of the lecture:
Resources and references:
- Untwisting The Mersenne Twister: How I killed the PRNG
- A Comparison of Mersenne Twister and LCG Random Number Generators
- The cryptopals crypto challenges
- The Black Box Method: How to Learn Hard Concepts Quickly
If you have any doubts, feel free to contact me.
Thank you.