Re: SecureW2 TLS security problem

["Dave Korn" <davek_throwaway () hotmail com>]

----Original Message----
> From: Simon Josefsson
> Message-Id: ilumzm4qefr.fsf () latte josefsson org

> Hi everyone!  I was looking at the code for a TLS implementation, an
> open source implementation "SecureW2" by Alfa & Ariss, see:
>
> http://www.securew2.com/uk/index.htm
>
> I found that it uses weak random numbers when generating the
> pre-master-secret.  The code is in "./Components/Common/release
> 3/version 0/source/CommonTLS.c" and quoted below.
>
> It appear to be using the weak srand/rand functions seeded by the
> milliseconds field from the system clock.  That doesn't provide you
> with 48 bytes of strong randomness, you are lucky to get even a few
> bytes.

  I'm not impressed by the modulo 255 operation either!


>         //
>         // Random bytes
>         //
>         for( i=2; i < TLS_PMS_SIZE; i++ )
>                 pbPMS[i] = ( BYTE ) ( rand() % 255 );

  Both that and the use of rand are indicators of serious lack of
programming skill/experience.


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/