Open Source and information security mailing list archives
Message-ID: <dh0ujh$fs6$1@sea.gmane.org>
Date: Fri Sep 23 14:09:16 2005
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: SecureW2 TLS security problem

----Original Message----
>From: Simon Josefsson
>Message-Id: ilumzm4qefr.fsf@...te.josefsson.org

> Hi everyone!  I was looking at the code for a TLS implementation, an
> open source implementation "SecureW2" by Alfa & Ariss, see:
>
> http://www.securew2.com/uk/index.htm
>
> I found that it uses weak random numbers when generating the
> pre-master-secret.  The code is in "./Components/Common/release
> 3/version 0/source/CommonTLS.c" and quoted below.
>
> It appears to be using the weak srand/rand functions seeded by the
> milliseconds field from the system clock.  That doesn't provide you
> with 48 bytes of strong randomness, you are lucky to get even a few
> bytes.

  I'm not impressed by the modulo 255 operation either!


>         //
>         // Random bytes
>         //
>         for( i=2; i < TLS_PMS_SIZE; i++ )
>                 pbPMS[i] = ( BYTE ) ( rand() % 255 );

  Both that and the use of rand are indicators of a serious lack of
programming skill/experience.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
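The following is an added example for readers of this archive; it is not code from the SecureW2 project and not part of either posting. It re-creates the pattern the thread criticises (srand() seeded with a clock's millisecond field, bytes drawn with rand() % 255) and shows the two consequences that were raised: an attacker who learns the pre-master secret bytes, or anything derived from them, can recover the seed by trying at most 1000 values, and the value 255 can never occur in any byte. The function names, the assumption that the seed is a 0..999 millisecond value, the 48-byte size with two leading version bytes (the layout TLS uses for the pre-master secret) and the /dev/urandom-based replacement are all assumptions made for this demonstration.

```c
/* Added example, not SecureW2 code. Re-creates the weak PMS generation the
 * thread quotes and demonstrates why it is breakable. Assumptions: the seed
 * is a 0..999 millisecond field; TLS_PMS_SIZE is 48 with bytes 0 and 1
 * holding the client version, as in TLS. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TLS_PMS_SIZE 48   /* 2 version bytes + 46 "random" bytes */
#define MAX_MS_SEED  1000 /* assumed: seed is a millisecond field, 0..999 */

/* Weak generation, mirroring the quoted loop. Bytes 0 and 1 are left to the
 * caller (client version); rand() % 255 fills the rest, so the byte value
 * 255 is unreachable. */
static void weak_pms_fill(unsigned char *pms, unsigned seed)
{
    srand(seed);
    for (size_t i = 2; i < TLS_PMS_SIZE; i++)
        pms[i] = (unsigned char)(rand() % 255);
}

/* Attacker side: given the 46 generated bytes, recover the seed by trying
 * every candidate in the assumed range. Returns the seed, or -1 if no seed
 * in range reproduces the bytes. */
static int recover_seed(const unsigned char *pms)
{
    unsigned char cand[TLS_PMS_SIZE];
    for (unsigned s = 0; s < MAX_MS_SEED; s++) {
        weak_pms_fill(cand, s);
        if (memcmp(cand + 2, pms + 2, TLS_PMS_SIZE - 2) == 0)
            return (int)s;
    }
    return -1;
}

/* Count how often byte value 'v' appears in 'draws' outputs of rand() % 255.
 * For v == 255 the result is always 0: one of the 256 byte values can never
 * be produced, whatever rand() returns. */
static unsigned long count_byte_value(unsigned seed, unsigned long draws, int v)
{
    unsigned long hits = 0;
    srand(seed);
    for (unsigned long i = 0; i < draws; i++)
        if (rand() % 255 == v)
            hits++;
    return hits;
}

/* What a TLS implementation should do instead: take the 46 bytes from the
 * operating system's CSPRNG. /dev/urandom is used here so the example runs
 * on POSIX systems; the Windows equivalent is CryptGenRandom (or, on newer
 * systems, BCryptGenRandom). Returns 0 on success, -1 on failure. */
static int strong_pms_fill(unsigned char *pms)
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t got = fread(pms + 2, 1, TLS_PMS_SIZE - 2, f);
    fclose(f);
    return got == TLS_PMS_SIZE - 2 ? 0 : -1;
}

int main(void)
{
    /* Constructed input: a PMS "captured" from a client that seeded at
     * 737 ms past the second. 0x03 0x01 are the TLS 1.0 version bytes. */
    unsigned char pms[TLS_PMS_SIZE] = { 0x03, 0x01 };
    weak_pms_fill(pms, 737);

    printf("recovered seed: %d\n", recover_seed(pms));
    printf("occurrences of byte 255 in 1,000,000 draws: %lu\n",
           count_byte_value(1, 1000000UL, 255));
    return 0;
}
```

Recovering the seed takes at most 1000 calls to the generator, so the 46 "random" bytes carry under 10 bits of entropy rather than the 368 the protocol assumes; the modulo-255 bias is minor by comparison, but it is a visible sign that the author did not think about the distribution of the bytes at all.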


