On Wed, Jan 27, 2016 at 03:45:00PM +0000, Nick Lowe wrote:
> When generating the token, don't use a weak PRNG.
Why?
RFC 5931 has this to say about the token:
The value of the anti-clogging token MUST be unpredictable and SHOULD
NOT be from a source of random entropy. The purpose of the anti-
clogging token is to provide the server an assurance that the peer
constructing the EAP-pwd-ID/Response is genuine and not part of a
flooding attack.
Note especially that SHOULD NOT part..
> - data->token = os_random();
> + if (os_get_random((u8 *) &data->token, sizeof(data->token)) < 0) {
os_get_random() would seem to do exactly what that SHOULD NOT is
recommending against. Why would os_random() not be appropriate thing to
use here?
--
Jouni Malinen PGP id EFC895FA
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
