Full Disclosure mailing list archives
Re: SecureW2 TLS security problem
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Fri, 23 Sep 2005 14:05:54 +0100
----Original Message----
From: Simon Josefsson Message-Id: ilumzm4qefr.fsf () latte josefsson org
Hi everyone! I was looking at the code for a TLS implementation, an open source implementation "SecureW2" by Alfa & Ariss, see: http://www.securew2.com/uk/index.htm I found that it uses weak random numbers when generating the pre-master-secret. The code is in "./Components/Common/release 3/version 0/source/CommonTLS.c" and quoted below. It appear to be using the weak srand/rand functions seeded by the milliseconds field from the system clock. That doesn't provide you with 48 bytes of strong randomness, you are lucky to get even a few bytes.
I'm not impressed by the modulo 255 operation either!
// // Random bytes // for( i=2; i < TLS_PMS_SIZE; i++ ) pbPMS[i] = ( BYTE ) ( rand() % 255 );
Both that and the use of rand are indicators of serious lack of programming skill/experience. cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SecureW2 TLS security problem Simon Josefsson (Sep 23)
- Re: SecureW2 TLS security problem Dave Korn (Sep 23)