|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Wed, 15 Aug 2001 10:56:37 -0500 From: Brian Hatch <bugtraq@ifokr.org> To: qmail@list.cr.yp.to, jos-tls@kotnet.org, bugtraq@securityfocus.com Message-ID: <20010815105637.A30794@ifokr.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="1HiqrRAOzahhT936" Content-Disposition: inline In-Reply-To: <20010815025736.A11987@codeblau.de>; from felix-qmail@fefe.de on Wed, Aug 15, 2001 at 02:57:36AM +0200 --1HiqrRAOzahhT936 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > openssl-0.9.6b does not allow ssl/tls connections when the random number > has not been seeded. This is a good idea, and it exposes that the > starttls patch for qmail does not seed the random number generator. >=20 > Here is a small patch that fixes the problem in qmail-remote for systems > that support /dev/urandom (the same can be done for qmail-smtpd but I > can't test it right now). Not seeding the random number generator is a > serious bug and it completely compromises the cryptographic privacy of > TLS encrypted emails. Not seeding the PRNG is a serious error. However OpenSSL should seed from /dev/urandom automatically without even calling RAND_seed: OpenSSL makes sure that the PRNG state is unique for each thread. On systems that provide /dev/urandom, the randomness device is used to seed the PRNG transparently. However, on all other systems, the application is responsible for seeding the PRNG by calling RAND_add(), RAND_egd(3) or RAND_load_file(3). So the question becomes *why* is in not seeding from /dev/urandom on it's own? Also you should make sure to check the return values in your code -- on systems with no /dev/urandom you will seed with 32-64 bytes of non-random data instead, giving the appearance of security where this is none. You may want to check out the RAND_egd() function which can be used to seed from a PRNG daemon. If you want to look at some rather long winded but thougrough PRNG-seeding code, see the initialize_prng function (in ssl.c) in the Stunnel source code. -- Brian Hatch Linux is like wigwam - Systems and no windows, no gates, Security Engineer apache inside. www.hackinglinuxexposed.com Every message PGP signed --1HiqrRAOzahhT936 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjt6m7UACgkQbHrkO1vvTcp/FwCffjurLHKVc2pkSpoBcjOPAy97 YwUAn3qBa7BywfW+PHLJWZBLDHItYe87 =98ok -----END PGP SIGNATURE----- --1HiqrRAOzahhT936--
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |