Empire icon indicating copy to clipboard operation
Empire copied to clipboard

Published 20 hours ago verified publisher icon EmpireProject

AES session keys are not generated securely

Open trou opened this issue 7 years ago • 1 comments

Empire Version

2.5-27-g92fcf43 (latest HEAD)

OS Information (Linux flavor, Python version)

Irrelevant.

Expected behavior and description of the error, including any actions taken immediately prior to the error. The more detail the better.

AES session key should be generated using a cryptographycally secure random number generator. Instead the current code is the following:

[...]
import random
[...]
def generate_aes_key():
    """
    Generate a random new 128-bit AES key using OS' secure Random functions.
    """
    punctuation = '!#$%&()*+,-./:;<=>?@[\]^_`{|}~'
    return ''.join(random.sample(string.ascii_letters + string.digits + '!#$%&()*+,-./:;<=>?@[\]^_`{|}~', 32))

Which uses Python's default insecure RNG.

This problems comes from the following commit: https://github.com/EmpireProject/Empire/commit/47570ee92aedc87d57ebb59687abd5a89030e51a

which replaced PyCrypto.random with random.

Just to confirm:

$ ipython
Python 2.7.13+ (default, Jul 19 2017, 18:15:03) 
In [1]: import lib.common.encryption

In [2]: import random

In [3]: random.seed(0)

In [4]: lib.common.encryption.generate_aes_key()
Out[4]: '<)LxSJ(zOW/\\w7[t*.=%>Z!VGgCN68D0'

In [5]: lib.common.encryption.generate_aes_key()
Out[5]: 'x.Xb#I+4aO,tA)oRs-7GfwJ$hKU*0_}&'

In [6]: random.seed(0)

In [7]: lib.common.encryption.generate_aes_key()
Out[7]: '<)LxSJ(zOW/\\w7[t*.=%>Z!VGgCN68D0'

In [8]: lib.common.encryption.generate_aes_key()
Out[8]: 'x.Xb#I+4aO,tA)oRs-7GfwJ$hKU*0_}&'

trou avatar Sep 18 '18 15:09 trou

The problem is the same with the Staging key:

# otherwise prompt the user for a set value to hash for the negotiation password
if STAGING_KEY == "BLANK":
    choice = raw_input("\n [>] Enter server negotiation password, enter for random generation: ")
    if choice == "":
        # if no password is entered, generation something random
        STAGING_KEY = ''.join(random.sample(string.ascii_letters + string.digits + punctuation, 32))
    else:
        STAGING_KEY = hashlib.md5(choice).hexdigest()
elif STAGING_KEY == "RANDOM":
    STAGING_KEY = ''.join(random.sample(string.ascii_letters + string.digits + punctuation, 32))

trou avatar Sep 19 '18 08:09 trou