Re: [PATCH] Correct the security weak construction of client_random and server_random in Client and Server Hellos.

On Wed, Feb 10, 2016 at 02:39:21PM +0000, Nick Lowe wrote:
> Correct the security weak construction of client_random and
> server_random in Client and Server Hellos. random_get_bytes(...) already
> mixes in the current date and time via its entropy pool.

Calling a 32-byte field with 28 bytes (224 bits!) of strong random data
a weak construction is pushing the definition of "weak" pretty far... This is
the way TLS has been defined at least up to and including TLS v1.2. I
know that there is an attempt to deprecate gmt_unix_time and remove it
at least from TLS v1.3. However, it does not look like
draft-mathewson-no-gmtunixtime-00 has yet been published as an RFC.
Should that happen, I'd be fine with this type of patch with the commit
message updated to point to that RFC as the reason instead of claims of
this being weak.

-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
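The two layouts under discussion side by side, as an added example that is neither hostap's code nor Nick's patch: the TLS 1.2 (RFC 5246) Random field of a 4-byte gmt_unix_time followed by 28 CSPRNG bytes, and the fully random 32-byte field the patch proposes. The function and constant names are mine; the timestamp and byte values in the test are constructed. The last helper is the check an analyst would run over a captured hello to tell whether a peer still sends the timestamp, which is the only observable difference between the two constructions.

```python
import os
import struct
import time

# TLS 1.2 (RFC 5246) layout of the Random field in Client/Server Hello:
#   struct { uint32 gmt_unix_time; opaque random_bytes[28]; } Random;
RANDOM_LEN = 32
GMT_UNIX_TIME_LEN = 4
RANDOM_BYTES_LEN = RANDOM_LEN - GMT_UNIX_TIME_LEN  # 28 bytes = 224 bits


def build_random_rfc5246(gmt_unix_time, random_bytes):
    """Build the field the way TLS <= 1.2 specifies: 4-byte UTC seconds
    followed by 28 bytes from the CSPRNG (hypothetical helper)."""
    if len(random_bytes) != RANDOM_BYTES_LEN:
        raise ValueError("expected %d random bytes" % RANDOM_BYTES_LEN)
    return struct.pack("!I", gmt_unix_time & 0xFFFFFFFF) + bytes(random_bytes)


def build_random_fully_random(random_bytes):
    """Build the field as the patch proposes: all 32 bytes from the CSPRNG."""
    if len(random_bytes) != RANDOM_LEN:
        raise ValueError("expected %d random bytes" % RANDOM_LEN)
    return bytes(random_bytes)


def parse_random(field):
    """Split a 32-byte Random field into (gmt_unix_time, random_bytes)
    under the RFC 5246 interpretation. For a fully random field the first
    value is simply four random bytes read as a big-endian integer."""
    if len(field) != RANDOM_LEN:
        raise ValueError("Random field must be %d bytes" % RANDOM_LEN)
    (gmt_unix_time,) = struct.unpack("!I", field[:GMT_UNIX_TIME_LEN])
    return gmt_unix_time, field[GMT_UNIX_TIME_LEN:]


def unpredictable_bits(layout):
    """Bits of CSPRNG output an observer cannot predict for each layout.
    The timestamp is public and guessable to within seconds, so it adds no
    secrecy; this is the 224-versus-256 accounting from the thread."""
    if layout == "rfc5246":
        return RANDOM_BYTES_LEN * 8
    if layout == "full":
        return RANDOM_LEN * 8
    raise ValueError("unknown layout %r" % layout)


def leading_bytes_look_like_timestamp(field, now, skew_seconds=300):
    """Inspection helper for a captured hello: does the first word decode to
    a UTC time within skew_seconds of 'now'? A peer still sending
    gmt_unix_time answers True; a fully random field answers True only with
    probability about (2 * skew_seconds) / 2**32."""
    gmt_unix_time, _ = parse_random(field)
    return abs(gmt_unix_time - now) <= skew_seconds


if __name__ == "__main__":
    now = int(time.time())
    legacy = build_random_rfc5246(now, os.urandom(RANDOM_BYTES_LEN))
    modern = build_random_fully_random(os.urandom(RANDOM_LEN))
    for name, field in (("rfc5246", legacy), ("full", modern)):
        print(name, field.hex(),
              "unpredictable bits:", unpredictable_bits(name),
              "leading word is a plausible timestamp:",
              leading_bytes_look_like_timestamp(field, now))
```

Run stand-alone it prints one field of each kind; the timestamp check fires for the RFC 5246 layout and, barring a roughly one-in-ten-million coincidence, not for the fully random one.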
