[PATCH] Correct the security weak construction of client_random and server_random in Client and Server Hellos.

Jouni Malinen j at w1.fi
Sat Feb 20 09:17:17 PST 2016


On Wed, Feb 10, 2016 at 02:39:21PM +0000, Nick Lowe wrote:
> Correct the security weak construction of client_random and
> server_random in Client and Server Hellos. random_get_bytes(...) already
> mixes in the current date and time via its entropy pool.

Calling a 32-byte field with 28 bytes (224 bits!) of strong random data
a weak construction is pushing the definition of "weak" pretty far... This is
the way TLS has been defined at least up to and including TLS v1.2. I
know that there is an attempt to deprecate gmt_unix_time and remove it
at least from TLS v1.3. However, it does not look like
draft-mathewson-no-gmtunixtime-00 has yet been published as an RFC.
Should that happen, I'd be fine with this type of patch with the commit
message updated to point to that RFC as the reason instead of claims of
this being weak.

-- 
Jouni Malinen                                            PGP id EFC895FA
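The two layouts under discussion, as an added example that is not hostap code: the RFC 5246 Random field (4-byte big-endian gmt_unix_time followed by 28 random bytes) beside the fully random form proposed in draft-mathewson-no-gmtunixtime, plus a decoder a reviewer can run over a captured random field to see whether a peer still sends its clock. demo_random_bytes is a hypothetical deterministic stand-in for random_get_bytes() so the example runs offline; it is not a CSPRNG.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define TLS_RANDOM_LEN   32
#define TLS_GMT_TIME_LEN 4

/* Hypothetical stand-in for hostap's random_get_bytes(): a deterministic
 * LCG so the example runs offline. Real code must use the OS CSPRNG. */
static uint32_t demo_seed = 0x12345678u;
static void demo_random_bytes(uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        demo_seed = demo_seed * 1103515245u + 12345u;
        buf[i] = (uint8_t)(demo_seed >> 16);
    }
}

/* RFC 5246 7.4.1.2 layout (TLS 1.0-1.2): big-endian gmt_unix_time in the
 * first 4 bytes, then 28 random bytes, i.e. the 224 bits discussed above. */
void tls_random_with_time(uint8_t out[TLS_RANDOM_LEN], uint32_t gmt_unix_time)
{
    out[0] = (uint8_t)(gmt_unix_time >> 24);
    out[1] = (uint8_t)(gmt_unix_time >> 16);
    out[2] = (uint8_t)(gmt_unix_time >> 8);
    out[3] = (uint8_t)gmt_unix_time;
    demo_random_bytes(out + TLS_GMT_TIME_LEN, TLS_RANDOM_LEN - TLS_GMT_TIME_LEN);
}

/* Layout proposed by draft-mathewson-no-gmtunixtime: all 32 bytes from the
 * RNG, so the field carries 256 random bits and no clock value. */
void tls_random_no_time(uint8_t out[TLS_RANDOM_LEN])
{
    demo_random_bytes(out, TLS_RANDOM_LEN);
}

/* Decode the leading 4 bytes as gmt_unix_time. Useful when reviewing captured
 * handshakes to see whether a peer still places its clock in the field. */
uint32_t tls_random_gmt_unix_time(const uint8_t rnd[TLS_RANDOM_LEN])
{
    return ((uint32_t)rnd[0] << 24) | ((uint32_t)rnd[1] << 16) |
           ((uint32_t)rnd[2] << 8) | (uint32_t)rnd[3];
}

/* Random bits contributed by the RNG under each layout: 224 or 256. */
unsigned tls_random_entropy_bits(int includes_gmt_time)
{
    return 8u * (includes_gmt_time ? TLS_RANDOM_LEN - TLS_GMT_TIME_LEN
                                   : TLS_RANDOM_LEN);
}
```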