Bugtraq mailing list archives
Re: qmail starttls patch does not seed the random number generator
From: Scott Renfro <scott () renfro org>
Date: Thu, 16 Aug 2001 10:22:10 -0700
On Wed, Aug 15, 2001 at 01:42:05PM -0400, Jack Lloyd wrote:
> 2) IIRC, OpenSSL adds a few "random" things like pid, uid, time, etc in the creation of the key

On "Unix" platforms, it adds getpid(), getuid(), and time(NULL). Wagner and Goldberg demonstrated how very predictable these values were years ago with the Netscape browser.

> 3) Oh, one more thing. An SSL/TLS key is negotiated between the client and server, and derived from random values sent by each of them.

But the client-random and server-random values are public. The only secret input to the master secret is the pre-master secret, which is entirely supplied by the client. If the PRNG used by the client to generate the pre-master secret is weak, an attacker that can sniff the packets can decrypt them with relatively little effort. In this case, you have to have a working and recognized-by-OpenSSL /dev/urandom or an alternate source of good entropy.

--Scott

-- 
Scott Renfro <scott () renfro org>
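The derivation Scott describes, written out as an added example (not code from this thread or from the qmail starttls patch): the TLS 1.0 master-secret PRF from RFC 2246 section 8.1, with the RSA pre-master secret assembled as the client would. Everything except the 46 PRNG bytes inside the pre-master secret travels in the clear, so the master secret has no more entropy than the client's RNG put into those bytes. Sample values are constructed.

```python
import hashlib
import hmac
import os


def p_hash(hash_name, secret, seed, length):
    """P_hash from RFC 2246 section 5: HMAC chain over A(i), expanded to `length` bytes."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hash_name).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def tls10_prf(secret, label, seed, length):
    """TLS 1.0 PRF: P_MD5 over the first half of the secret XOR P_SHA1 over the second half."""
    half = (len(secret) + 1) // 2
    s1, s2 = secret[:half], secret[-half:]  # halves share the middle byte when length is odd
    md5_part = p_hash("md5", s1, label + seed, length)
    sha1_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha1_part))


def rsa_pre_master_secret(random_bytes, version=b"\x03\x01"):
    """The 48 bytes the client RSA-encrypts to the server: 2 version bytes + 46 PRNG bytes.
    This is the only secret input; its strength is exactly the strength of the client PRNG."""
    if len(random_bytes) != 46:
        raise ValueError("pre-master secret needs exactly 46 random bytes")
    return version + random_bytes


def master_secret(pre_master, client_random, server_random):
    """RFC 2246 section 8.1. client_random and server_random are sent in the clear in the
    Hello messages; an eavesdropper has both, and lacks only pre_master."""
    if len(pre_master) != 48 or len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("pre_master must be 48 bytes, each random 32 bytes")
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


if __name__ == "__main__":
    # Constructed sample handshake: randoms as an observer would capture them,
    # pre-master drawn from the OS entropy source rather than pid/uid/time.
    cr, sr = os.urandom(32), os.urandom(32)
    pm = rsa_pre_master_secret(os.urandom(46))
    print(master_secret(pm, cr, sr).hex())
```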