New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
ChicagoVPS hacked, bunch of VPS customers offline
This discussion has been closed.
Comments
My partner convinced me to err on the side of caution so we're treating this like a real exploit until informed otherwise. Better safe than sorry.
+1
I understand that but my question was is the "4 billion" estimate you made based on a single value or is that based on both values? If it's just for one value then you can see how 4 billion turns into an unrealistic number (4 billion for the ID + 4 billion for the Key * possible combinations of both).
It mgiht be a real exploit..However bruteforcing the API and Key seems a bit impossible on my end.
It would be easier to bruteforce one of my passwords (whmcs/solusvm/etc.)
Nothing is impossible, just improbable.
Ifff (i am saying IF since i haven't seen the code Solus uses).
But if:
ID = function1(InstallationID)
Key = function2(InstallationID)
And InstallationID=function3(32bit number)
Then all possible values of the (ID, key) pair combinations are not more than 2^32
Now if the functions used have some flaws then it could be an even lower number. Theoretically.
Yeah, true
But pretty sure you understand what I meant.
Key = function2(InstallationID)
And InstallationID=function3(32bit number)
I think they explained something more like this...
ID = function1(InstallationID.(/dev/urandom 4bits perl function))
Key = function2(InstallationID.(/dev/urandom 4bits perl function))
And InstallationID=function3((/dev/urandom 4bits perl function))
If the SolusVM Master ID is generated the same way as the Slave IDs, then (based on my Slave IDs) it ranges from 125-135bits but my API ID and Keys are only a little over 100bits.
@Corey as i said i haven't seen that code so don't really know. Here is what they said:
soluslabs
They don't say anything about mixing it with more randomness. Then they also don't say anything about not mixing it. So we don't really know until someone sees the code.
How many bits is this?
It generated a value of 136 bits accord to KeePass.
Also, here's a good post about how long it could take to brute force SolusVM's API: http://www.webhostingtalk.com/showpost.php?p=8408232&postcount=8
@Kujoe now strace that perl and think again
The rand() function is seeded once, with 4 bytes (32 bits) of pseudo random data. All numbers after that are 100% predictable and reproducable if you know this 32 bits seed.
Very true, but if you had access to the SolusVM Master ID then you wouldn't need to bruteforce the API. :P
Hmm don't know how the SolusVM master ID could be used. But it can be predicted with a probability of 2^-32
I guess you lost me then.
Well that is easy, Dragons beat all
I wish I could be as cool as you.
I wish there a Thanks button
Maybe we can get one for christmas?
"tits.or.gtfo" is not a secure password.
Wait what?
@John_R it should have been TITS.or.gtfo!123 that's a secure password!
@Zen
DRAGONMATHS:
1+1=ROAR!
2+2=FIRE!
@KuJoe ROAR+ROAR=FIRE
@AsadHaider EXCELLENT! Dragonmaths is fun!
ROAR^2=FIRE
I like this. Unfortunately @KuJoe this is the stuff I have to do irl
@AsadHaider looks like cryptographic formula Cool stuff!
ROFL