On Wed, Jan 27, 2016 at 03:45:00PM +0000, Nick Lowe wrote: > When generating the token, don't use a weak PRNG. Why? RFC 5931 has this to say about the token: The value of the anti-clogging token MUST be unpredictable and SHOULD NOT be from a source of random entropy. The purpose of the anti- clogging token is to provide the server an assurance that the peer constructing the EAP-pwd-ID/Response is genuine and not part of a flooding attack. Note especially that SHOULD NOT part.. > - data->token = os_random(); > + if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) { os_get_random() would seem to do exactly what that SHOULD NOT is recommending against. Why would os_random() not be appropriate thing to use here? -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap