Review RNG code
jbkempf opened this issue · comments
Review RNG code
iirc, the initial rand was pretty bad but now we're reading from /dev/urandom ?
In smb_ntlm_generate_challenge, we just have urandom, and this is clearly not enough for iOS/OSX or other platforms where /dev/urandom is not present.
Moreover, it's possible we need to start the generator before using it.
This is totally enough for OSX. I don't know about iOS, but it's likely the
same.
For other platforms where /dev/urandom is not present, i agree we'll need
something else. But now i think about it, which platform except windows is
it not available ?
On Wed, Dec 16, 2015 at 11:29 AM, Jean-Baptiste Kempf <
notifications@github.com> wrote:
Moreover, it's possible we need to start the generator before using it.
—
Reply to this email directly or view it on GitHub
#51 (comment).
Linux, Android, BSD and OSX should be OK, indeed.
For iOS, we should use Randomization Services https://developer.apple.com/library/ios/documentation/Security/Reference/RandomizationReference/index.html#//apple_ref/doc/uid/TP40007281
For Windows and WinRT, we need to use the CryptoGen calls (see VLC for this)
Windows and WintRT does not need libdsm anyway.
+1 for ios
On Wed, Dec 16, 2015 at 12:15 PM, Jean-Baptiste Kempf <
notifications@github.com> wrote:
Linux, Android, BSD and OSX should be OK, indeed.
For iOS, we should use Randomization Services
https://developer.apple.com/library/ios/documentation/Security/Reference/RandomizationReference/index.html#//apple_ref/doc/uid/TP40007281
For Windows and WinRT, we need to use the CryptoGen calls (see VLC for
this)—
Reply to this email directly or view it on GitHub
#51 (comment).
Well, WinRT does actually :)
It's possible that iOS works with urandom, a contrario from what the code says.
So, the issue is only remaining for WinRT. Let's close it for now.