
Re: TLS: random seed file is not updated (ITS#948)



At 08:13 PM 1/4/01 +0000, gombasg@inf.elte.hu wrote:
>Full_Name: Gabor Gombas
>Version: 2.x-DEVEL
>OS: AIX 4.3.3.0
>URL: ftp://ftp.openldap.org/incoming/
>Submission from: (NULL) (157.181.150.130)
>
>
>Hello,
>
>The TLS code in OpenLDAP has support using a regular file to seed the
>random number generator. The problem is, that this file is never
>updated.

It can be viewed as the user's responsibility, but...

>OpenSSL by default feeds some random information (such as
>the current time and process id) to the RNG which saves us from using
>exactly the same random number sequence every time, but this is
>not strong enough for cryptographic purposes.

I agree.

>So either the seed file
>should be updated using RAND_write_file() when an application exits,
>or simply drop support for seed files and require the presence of
>either a kernel random device or egd.

But as the user may start two applications at once, there is
still opportunity that they share the same random bits.  Though
one likely can reduce the window of opportunity by writing a
new file immediately after reading the contents, the window
requires some form of synchronization between the applications
to avoid sharing of the random bits.  File locking would be
one approach.

Of course, one could view the small window of opportunity as
acceptable in their application of the client tools.

I've updated the code to write a new file iff the old file
contained enough bits to initialize the PRNG.

Kurt
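The read-then-rewrite-under-a-lock handling discussed above, as an added example that is not OpenLDAP's or OpenSSL's code. It uses Python's ssl.RAND_add and ssl.RAND_bytes as stand-ins for RAND_load_file and RAND_write_file, fcntl.flock for the synchronization between concurrently started applications, and treats 32 bytes as "enough bits to initialize the PRNG" (an assumption chosen for the example; OpenSSL's real threshold is internal to the library). The seed-file path and the helper names are invented for the example.

```python
"""Seed-file handling for an OpenSSL-backed PRNG (added example, not OpenLDAP code).

Protocol, per the thread: lock the seed file, feed its bytes to the PRNG,
and immediately overwrite it with fresh PRNG output, but only if the old
contents were large enough to have seeded the PRNG at all.  The exclusive
lock closes the window in which two applications started at once would
both read, and therefore share, the same seed bytes.
"""

import fcntl
import os
import ssl
import tempfile

# ASSUMPTION: 256 bits is treated as "enough to seed"; OpenSSL's own
# threshold is an implementation detail and is not consulted here.
SEED_BYTES = 32


def create_seed_file(path, nbytes=SEED_BYTES):
    """Bootstrap a seed file from the kernel random device (os.urandom).

    Mode 0600 matters: a world-readable seed file leaks the next PRNG state.
    """
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(os.urandom(nbytes))


def refresh_seed_file(path, min_bytes=SEED_BYTES):
    """Mix `path` into the OpenSSL PRNG and, iff it held at least `min_bytes`,
    overwrite it in place with fresh PRNG output while holding an exclusive lock.

    Returns (bytes_consumed, rewritten).

    The file is rewritten in place rather than via temp-file-and-rename on
    purpose: a second starter that has already opened the path is waiting for
    the lock on *this* inode, and a rename would leave it reading the old bytes
    from the old inode after the lock is released.
    """
    with open(path, "r+b") as f:
        fcntl.flock(f.fileno(), fcntl.LOCK_EX)   # serialize concurrent starters
        try:
            old = f.read()
            if old:
                # RAND_load_file credits the file as full entropy (bytes);
                # RAND_add's estimate is likewise measured in bytes.
                ssl.RAND_add(old, float(len(old)))
            if len(old) < min_bytes:
                # Too small to have seeded anything: leave it alone rather than
                # overwrite it with output of a PRNG it never properly seeded.
                return old, False
            new = ssl.RAND_bytes(min_bytes)
            f.seek(0)
            f.truncate()
            f.write(new)
            f.flush()
            os.fsync(f.fileno())                  # durable before anyone else can read it
            return old, True
        finally:
            fcntl.flock(f.fileno(), fcntl.LOCK_UN)


def demo():
    """Exercise the helpers on a throwaway directory; returns results for inspection.

    Note: OpenSSL 1.1.1 and later seed themselves from the kernel, so on a
    modern system the seed file is belt-and-braces; the scheme matters on
    platforms without a random device, like the AIX 4.3 in the report.
    """
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ldaprand")          # constructed sample seed file
        create_seed_file(path)
        mode = os.stat(path).st_mode & 0o777
        first, rewrote1 = refresh_seed_file(path)    # "process A" starts
        second, rewrote2 = refresh_seed_file(path)   # "process B" starts next
        short = os.path.join(d, "short")             # constructed under-sized file
        with open(short, "wb") as f:
            f.write(b"\x00" * 8)
        _, rewrote3 = refresh_seed_file(short)
        with open(short, "rb") as f:
            short_after = f.read()
        return {
            "mode": mode,
            "first": first,
            "second": second,
            "rewrote": (rewrote1, rewrote2, rewrote3),
            "short_after": short_after,
        }


if __name__ == "__main__":
    r = demo()
    print("A consumed:", r["first"].hex())
    print("B consumed:", r["second"].hex())
    print("rewritten (A, B, short):", r["rewrote"])
```

The two consecutive refreshes stand in for two applications started one after the other: because the first rewrites the file before releasing the lock, the second consumes different bytes, which is the sharing the thread worries about. The 8-byte file is left untouched, mirroring the "write a new file iff the old one contained enough bits" rule.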