Full Disclosure mailing list archives
SecureW2 TLS security problem
From: Simon Josefsson <jas () extundo com>
Date: Fri, 23 Sep 2005 12:14:00 +0200
Hi everyone!

I was looking at the code for a TLS implementation, an open source
implementation "SecureW2" by Alfa & Ariss, see:

http://www.securew2.com/uk/index.htm

I found that it uses weak random numbers when generating the
pre-master-secret. The code is in "./Components/Common/release
3/version 0/source/CommonTLS.c" and quoted below.

It appears to be using the weak srand/rand functions seeded by the
milliseconds field from the system clock. That doesn't provide you
with 48 bytes of strong randomness, you are lucky to get even a few
bytes.

Regards,
Simon

//
// Name: TLSGenPMS
// Description: Generate the 48 random bytes for the PMS (Pre Master Secret)
// Author: Tom Rixom
// Created: 17 December 2002
//
DWORD
TLSGenPMS( IN OUT BYTE pbPMS[TLS_PMS_SIZE] )
{
    int         i = 0;
    SYSTEMTIME  SystemTime;
    DWORD       dwRet;

    dwRet = NO_ERROR;

    AA_TRACE( ( TEXT( "TLSGenPMS" ) ) );

    pbPMS[0] = 0x03;
    pbPMS[1] = 0x01;

    //
    // Time (DWORD)
    //
    GetLocalTime( &SystemTime );

    srand( ( unsigned int ) SystemTime.wMilliseconds );
    //srand( ( unsigned )time( NULL ) );

    //
    // Random bytes
    //
    for( i=2; i < TLS_PMS_SIZE; i++ )
        pbPMS[i] = ( BYTE ) ( rand() % 255 );

    AA_TRACE( ( TEXT( "TLSGenPMS::random bytes: %s" ), AA_ByteToHex( pbPMS, TLS_PMS_SIZE ) ) );

    return dwRet;
}
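The weakness reported in the message above, as an added example (not part of the original post and not SecureW2 code): SYSTEMTIME.wMilliseconds only takes the values 0..999, so the quoted construction can emit at most 1000 distinct pre-master secrets; the program counts them and sets a CSPRNG-backed replacement beside it. Assumptions: portable C with /dev/urandom stands in for the Windows build, where a system CSPRNG call such as BCryptGenRandom would fill that role, and the function names are hypothetical.

```c
/* Added example: constructed demonstration, not SecureW2 source code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define TLS_PMS_SIZE 48
#define MS_VALUES 1000   /* SYSTEMTIME.wMilliseconds ranges over 0..999 */

/* Same construction as the quoted TLSGenPMS, with the seed passed in. */
static void weak_pms(unsigned int ms, unsigned char pms[TLS_PMS_SIZE])
{
    pms[0] = 0x03; pms[1] = 0x01;                /* TLS 1.0 version bytes */
    srand(ms);
    for (int i = 2; i < TLS_PMS_SIZE; i++)
        pms[i] = (unsigned char)(rand() % 255);  /* % 255 also never yields 0xFF */
}

/* Generate the secret for every possible seed and count the distinct results.
   The count is at most MS_VALUES; a C library may map two seeds to one stream. */
static int distinct_weak_pms(void)
{
    static unsigned char all[MS_VALUES][TLS_PMS_SIZE];
    int distinct = 0;
    for (unsigned int ms = 0; ms < MS_VALUES; ms++) {
        unsigned char cur[TLS_PMS_SIZE];
        weak_pms(ms, cur);
        int seen = 0;
        for (int j = 0; j < distinct && !seen; j++)
            seen = memcmp(all[j], cur, TLS_PMS_SIZE) == 0;
        if (!seen) memcpy(all[distinct++], cur, TLS_PMS_SIZE);
    }
    return distinct;
}

/* Hardened form: 46 bytes from the OS CSPRNG. Returns 0 on success, -1 on
   failure; a caller must abort the handshake rather than fall back to rand(). */
static int strong_pms(unsigned char pms[TLS_PMS_SIZE])
{
    FILE *f = fopen("/dev/urandom", "rb");       /* assumption: POSIX host */
    if (!f) return -1;
    size_t n = fread(pms + 2, 1, TLS_PMS_SIZE - 2, f);
    fclose(f);
    if (n != TLS_PMS_SIZE - 2) return -1;
    pms[0] = 0x03; pms[1] = 0x01;
    return 0;
}

int main(void)
{
    unsigned char pms[TLS_PMS_SIZE];
    printf("distinct weak secrets: %d (46 random bytes allow 2^368)\n", distinct_weak_pms());
    return strong_pms(pms);
}
```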