[8599] in cryptography@c2.net mail archive


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Bad PRNGs revisted in FreSSH

daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Wed Feb 14 09:52:42 2001

Date: Mon, 12 Feb 2001 10:28:25 GMT
Message-Id: <200102121028.f1CASP410405@trinity.ihack.net>
From: "Charles M. Hannum" <root@ihack.net>
To: cryptography@c2.net

The newly announced FreSSH, when there is no /dev/urandom available,
uses a `fallback' to seed its PRNG that consists of:

                        int numfs, whichfs = 0;
                        struct statfs *mntbuf;
                        numfs = getmntinfo(&mntbuf, MNT_NOWAIT);
                        while (whichfs < numfs) {
                                ssh_rand_feed((void *) mntbuf,
                                    sizeof(struct statfs));
                                memset(mntbuf, 0, sizeof(struct statfs));
                                mntbuf++;
                                whichfs++;
                        }

I don't think I need to tell people on this list why that's absolutely
horrible; I'm just pointing out that code is still released today with
crap like this.  I would have thought we'd learned this lesson years
ago with the AFS, krb4, Netscape, et al vulnerabilities.


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[8599] in cryptography@c2.net mail archive

Bad PRNGs revisted in FreSSH

daemon@ATHENA.MIT.EDU (Charles M. Hannum)Wed Feb 14 09:52:42 2001

daemon@ATHENA.MIT.EDU (Charles M. Hannum)
Wed Feb 14 09:52:42 2001