XDM has the same problem as netscape ?!
Arve Kjoelen
akjoele at shiva.ee.siue.edu
Fri Sep 22 10:42:02 PDT 1995
Ian Goldberg wrote:
>Nelson Minar <nelson at santafe.edu> wrote:
>>Last time I looked, the MIT-MAGIC-COOKIE-1 scheme used in X11R4 had
>>the same problem: the random seed was based on the current time to the
>>microsecond, modulo the granularity of the system clock. I think I
>>figured that on my hardware, if I could figure out which minute the X
>>server started (easy with finger), I'd only have to try a few
>>thousand keys or so. Caveat: I never actually proved the idea.
>Wow. I just checked, and Nelson's right.
>[ code extracts snipped]
I just checked X11R6, and the same method is used there, so it hasn't changed
since X11R4.
-Arve.
More information about the cypherpunks-legacy
mailing list