Re: qmail starttls patch does not seed the random number generator

From: Scott Renfro (scott@renfro.org)
Date: 08/16/01


Date: Thu, 16 Aug 2001 10:22:10 -0700
From: Scott Renfro <scott@renfro.org>
To: Jack Lloyd <lloyd@acm.jhu.edu>
Subject: Re: qmail starttls patch does not seed the random number generator
Message-ID: <20010816102209.I60185@bonsai.home.renfro.org>

On Wed, Aug 15, 2001 at 01:42:05PM -0400, Jack Lloyd wrote:
>
> 2) IIRC, OpenSSL adds a few "random" things like pid, uid, time, etc
> in the creation of the key

On ''Unix'' platforms, it adds getpid(), getuid(), and time(NULL).
Wagner and Goldberg demonstrated how very predictable these values were
years ago with the Netscape browser.

> 3) Oh, one more thing. An SSL/TLS key is negotiated between the
> client and server, and derived from random values sent by each of
> them.

But the client-random and server-random values are public. The only
secret input to the master secret is the pre-master secret which is
entirely supplied by the client. If the PRNG used by the client to
generate the pre-master secret is weak, an attacker that can sniff the
packets can decrypt them with relatively little effort.

In this case, you have to have a working and recognized-by-OpenSSL
/dev/urandom or an alternate source of good entropy.

--Scott

-- 
Scott Renfro <scott@renfro.org>
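To make Scott's point about the master secret concrete, here is an added Python example (my own, not code from the thread, qmail or OpenSSL) that implements the TLS 1.0 master-secret derivation from RFC 2246 section 5 over constructed sample values: the ClientHello and ServerHello randoms only feed the public seed, so anyone holding the pre-master secret derives the same master secret.

```python
import hmac

# Constructed sample values (not real session data): a 48-byte RSA-style
# pre-master secret (2 version bytes + 46 "random" bytes) and the two
# 32-byte Hello randoms, which travel in the clear.
PRE_MASTER = bytes([3, 1]) + bytes(range(46))
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))


def p_hash(hash_name, secret, seed, length):
    """P_hash from RFC 2246 section 5: HMAC chain A(i) = HMAC(secret, A(i-1))."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def split_secret(secret):
    """S1 = first ceil(L/2) bytes, S2 = last ceil(L/2) bytes; they share
    one byte when the length is odd, exactly as RFC 2246 specifies."""
    half = (len(secret) + 1) // 2
    return secret[:half], secret[-half:]


def tls10_prf(secret, label, seed, length):
    """PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed)."""
    s1, s2 = split_secret(secret)
    md5_part = p_hash("md5", s1, label + seed, length)
    sha_part = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_part, sha_part))


def master_secret(pre_master, client_random, server_random):
    """master_secret = PRF(pre_master, "master secret",
    ClientHello.random + ServerHello.random)[0:48]"""
    return tls10_prf(pre_master, b"master secret", client_random + server_random, 48)


def observer_recovers_master(pre_master_guess, client_random, server_random, real_master):
    """Why the pre-master secret is the whole secret: the randoms are on the
    wire, so the master secret is fixed once the pre-master secret is known."""
    return master_secret(pre_master_guess, client_random, server_random) == real_master


if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    print("master secret:", ms.hex())
    print("holder of the pre-master secret derives it:",
          observer_recovers_master(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM, ms))
```

Changing only the public randoms gives a fresh master secret per session, but it adds no secrecy; the entropy of the pre-master secret, and hence of the client's PRNG, is all the protection there is.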