Bug #914184
closed
The game seed has zero entropy if one knows the game start time
Description
The game seed, used among others to generate the map, is generated using time(0) when the game is started (or maybe the server, I didn't check as there's little difference for longturn.net). If one knows at what time a game has been started, it is trivial to generate a map with the corresponding seed on a local server. Even if the knowledge of the start time is approximate, one can generate several maps and match them against the area surrounding a starting position. Since time(0) is in seconds, the number of maps one needs to generate is small.
One suggestion is to use the current time in microseconds instead of seconds, but this might not be sufficient if a high-resolution clock is not available. In C++ I would use std::random_device, but I see no portable equivalent in C.
Another possibility is to salt the game seed with a machine-specific ID. This is less secure because a leak of the machine ID would compromise every game running on the server.
This is a very easy exploit that also leaves no traces. Once it is revealed, I wouldn't be surprised to see it in use. It affects all current games; at longturn.net, this is LearningLT and LT54 to LT58. Mitigation will be applied from LT59 onward, but the last affected game isn't expected to end before February 2021 and could last for at least one more month. Please take this into account when revealing the issue to a wider audience.
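The following C sketch is an added example, not the code from the patches attached to this ticket. It assumes a UNIX-like system with /dev/urandom, and all function names are hypothetical. It counts how many candidate seeds a clock-derived seed leaves for a given uncertainty in the start time, and draws the seed from the operating system instead, with a clock-based fallback that is flagged as weak.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>
#include <unistd.h>

/* Seeds to try when the seed is a clock reading and the start time is
 * known to within +/- window_s seconds. ticks_per_s is 1 for time(0)
 * and 1000000 for a microsecond clock. */
uint64_t candidate_seeds(uint64_t window_s, uint64_t ticks_per_s)
{
  return (2 * window_s + 1) * ticks_per_s;
}

/* Fill *seed from the OS random source. Returns 1 on success, else 0. */
int seed_from_urandom(const char *path, uint32_t *seed)
{
  FILE *f = fopen(path, "rb");
  size_t got;

  if (f == NULL) {
    return 0;
  }
  got = fread(seed, sizeof(*seed), 1, f);
  fclose(f);
  return got == 1;
}

/* Hypothetical wrapper: prefer the OS source. The clock + pid fallback
 * is guessable and only lets the server start; *strong reports which. */
uint32_t generate_game_seed(int *strong)
{
  uint32_t seed = 0;
  struct timeval tv;

  *strong = seed_from_urandom("/dev/urandom", &seed);
  if (!*strong) {
    gettimeofday(&tv, NULL);
    seed = (uint32_t)tv.tv_sec ^ ((uint32_t)tv.tv_usec << 12)
           ^ (uint32_t)getpid();
  }
  return seed;
}

int main(void)
{
  int strong;
  uint32_t seed = generate_game_seed(&strong);

  printf("time(0), +/-60 s: %llu candidate seeds\n",
         (unsigned long long)candidate_seeds(60, 1));
  printf("seed %u (%s)\n", (unsigned)seed, strong ? "OS source" : "weak");
  return 0;
}
```

A server using the fallback should log it at a visible level, so operators know the seed is only as unpredictable as the start time and process ID.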
Updated by Louis Moureaux about 2 years ago
- File 0001-Use-a-less-predictable-seed-for-random-number-genera.patch added
Patch for UNIX-like systems by Ilkka Virta.
Updated by Louis Moureaux about 2 years ago
- Status changed from New to In Progress
- Assignee set to Marko Lindqvist
- Sprint/Milestone set to 2.6.4
- Private changed from Yes to No
Affected games at longturn.net have now either ended or gaining access to the map wouldn't be a huge advantage. Reportedly freeciv-web don't think they are affected.
Updated by Marko Lindqvist about 2 years ago
- File 0002-Make-generated-random-seed-less-predictable.patch added
- File 0002-Make-generated-random-seed-less-predictable.patch added
- File 0002-Make-generated-random-seed-less-predictable.patch added
- Status changed from In Progress to Resolved
Latest versions of the patches, modified by me. These are considered commit candidates.
All branches:
- Rebased
- Added full Freeciv file header, with Freeciv copyright, to new files (Agreed with Ilkka)
- Disabled /dev/urandom configure check. Code in randseed.c has not been touched. The configure check, as implemented, would have bad consequences when cross-compiling. We should reimplement and enable this in the future
- Fixed compiler warning (include randseed.h to randseed.c for the function declaration)
- Include unistd.h. Needed on some setups
- Adjusted log levels
- Marked higher log level messages for translation
- Removed "\n" from the end of log message
- Removed trailing spaces
- Other style corrections
S3_1 & master only:
- Implemented meson build parts
- "*//**" for doxygen in function headers
- Further adjusted log levels with the availability of LOG_WARN
Updated by Marko Lindqvist about 2 years ago
- Blocks Task #911624: Release 2.6.4 added
Updated by Marko Lindqvist about 2 years ago
- Status changed from Resolved to Closed