[Full-disclosure] Re: SecureW2 TLS security problem
Dave Korn
davek_throwaway at hotmail.com
Fri Sep 23 14:05:54 BST 2005
----Original Message----
>From: Simon Josefsson
>Message-Id: ilumzm4qefr.fsf at latte.josefsson.org
> Hi everyone! I was looking at the code for a TLS implementation, an
> open source implementation "SecureW2" by Alfa & Ariss, see:
>
> http://www.securew2.com/uk/index.htm
>
> I found that it uses weak random numbers when generating the
> pre-master-secret. The code is in "./Components/Common/release
> 3/version 0/source/CommonTLS.c" and quoted below.
>
> It appear to be using the weak srand/rand functions seeded by the
> milliseconds field from the system clock. That doesn't provide you
> with 48 bytes of strong randomness, you are lucky to get even a few
> bytes.
I'm not impressed by the modulo 255 operation either!
> //
> // Random bytes
> //
> for( i=2; i < TLS_PMS_SIZE; i++ )
> pbPMS[i] = ( BYTE ) ( rand() % 255 );
Both that and the use of rand are indicators of serious lack of
programming skill/experience.
cheers,
DaveK
--
Can't think of a witty .sigline today....
Full-Disclosure is hosted and sponsored by Secunia.