Subject: Re: Ian's Xkernel
To: Curt Sampson <>
From: Bob Beck <>
List: port-sun3
Date: 04/12/1997 12:15:50
	You would have to be very careful how you picked your "random"
session key.  I've seen lots of guys who do this for X cookies
(including most XDM's) where they base it on something like pid and
time, and anyone who knows the algorithm used can get the "random" key
in relatively short order. SunOS 4 using X11R5 in particular was bad
for this, as it was based on seeding the rnd with pid and time (to the
second) . All you had to do was grok all the XDM processes from a
running box, check the start time, and run through the algorithm,
trying each second in the start minute, generating a cookie, and
trying to bind the victim's display. Worked very well too :-)
	I guess the short answer is if you've just booted up, you'd
have to make sure your key was generated in some nondeterministic
manner.  I dunno how good /dev/random would be at that point.

	Of course, we're rapidly diverging from port-sun3 topics here.


> However, assuming we're happy to serve any X terminal that happens
> to be on the network (as I am), would we not get most of what we
> want if we just had the X terminal generate a random session key
> on boot, encrypt it with the server's public key, and hand it to
> the server? This ensure that that particular session is secure. It
> would not prevent spoofing of the server, but I could live with
> that, since that's pretty hard to do unless someone has access to
> your network.
> cjs
> Curt Sampson		Info at
> Internet Portal Services, Inc.		`And malt does more than Milton can
> Vancouver, BC   (604) 257-9400		 To justify God's ways to man.'