tags 815442 + security
retitle 815442 stun: seeds RNG from TSC clock?
thanks

Hi,

Andreas Beckmann wrote:
> stun FTBFS on kfreebsd-amd64 (but it built there previously and it
> also builds on kfreebsd-i386):
> [...]
> stun.cxx:681:7: error: #error Need some way to seed the random number generator
>  # error Need some way to seed the random number generator
>    ^

And normally it seeds from what!?

661 #if defined(WIN32)
[...]
672 #elif defined(__GNUC__) && ( defined(__i686__) || defined(__i386__) )
673       asm("rdtsc" : "=A" (tick));
[...]
676 #elif defined(__MACH__) || defined(__linux)
677       int fd=open("/dev/random",O_RDONLY);

The TSC clock!?  *omg*  Is that really a good entropy source?  And even using it in *preference* to /dev/random (on linux-i386)?

I would have filed a simple patch to fix the build on kfreebsd-amd64, but it seems there are bigger problems.  What is this RNG used for?  Not for the actual crypto, I hope?

678       read(fd,&tick,sizeof(tick));
679       closesocket(fd);

This does not even check that it could open /dev/random or that it has really read anything.  It will fail silently and seed with 0x0000000000000000 if /dev/random is missing in a misconfigured chroot, or if there are too many open fds, for example.  Maybe it could also read fewer than 64 bits.

Regards,
-- 
Steven Chamberlain
steven@pyro.eu.org
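The failure mode described in the report (open() or read() failing and the seed silently staying zero, or a short read leaving part of it unfilled) is easy to reproduce and to guard against. The following is an added example written for this page; it is not code from the stun package. It puts the unchecked pattern from the report (naive_seed) beside a checked version (seed_from_device) that retries short reads and EINTR, refuses EOF, and reports failure instead of handing back a zero seed. It reads from /dev/urandom, which is the non-blocking device on Linux; the device path is a parameter so the same function works for /dev/random, as used in the quoted code. The function names and the non-existent path used in main() are assumptions for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>

/* The pattern from the report: open and read with no checks.  If open()
 * fails, fd is -1, read() fails with EBADF, and the zero-initialised seed
 * is returned unchanged.  A short read would leave the upper bytes zero. */
uint64_t naive_seed(const char *path) {
    uint64_t tick = 0;
    int fd = open(path, O_RDONLY);
    read(fd, &tick, sizeof tick);   /* return value ignored */
    close(fd);
    return tick;
}

/* Read exactly len bytes from fd.  Loops on short reads, retries on EINTR,
 * and treats EOF before len bytes as an error.  Returns 0 on success. */
static int read_fully(int fd, void *buf, size_t len) {
    unsigned char *p = buf;
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, p + got, len - got);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        if (n == 0)                  /* EOF: a random device never hits this */
            return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Checked seeding.  On success fills *seed with 64 bits from the device and
 * returns 0.  On any failure (open, short read, EOF) returns -1 and leaves
 * *seed untouched, so the caller cannot proceed with a zero seed by accident. */
int seed_from_device(const char *path, uint64_t *seed) {
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    uint64_t tmp;
    int rc = read_fully(fd, &tmp, sizeof tmp);
    close(fd);
    if (rc != 0)
        return -1;
    *seed = tmp;
    return 0;
}

/* Convenience wrapper returning only the status, for callers (and tests)
 * that only care whether seeding succeeded. */
int seed_status(const char *path) {
    uint64_t unused;
    return seed_from_device(path, &unused);
}

int main(void) {
    const char *missing = "/dev/this-device-does-not-exist";   /* assumed absent */
    uint64_t seed;

    printf("naive_seed(missing)     = 0x%016llx\n",
           (unsigned long long)naive_seed(missing));
    printf("seed_from_device(missing) rc = %d\n",
           seed_from_device(missing, &seed));
    if (seed_from_device("/dev/urandom", &seed) == 0)
        printf("seed_from_device(/dev/urandom) = 0x%016llx\n",
               (unsigned long long)seed);
    else
        printf("seed_from_device(/dev/urandom) failed\n");
    return 0;
}
```

With the device missing, naive_seed() returns 0 exactly as the report predicts, while seed_from_device() returns -1 and the caller must decide what to do (abort, or fall back to something explicit). On Linux 3.17 and later the getrandom(2) system call avoids the file-descriptor and chroot problems entirely, which is the better fix where it is available.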