linuxdcpp-team team mailing list archive

Thread
Date

[Bug 920794] [NEW] Util::initialize() never called. same seed used every startup

To: linuxdcpp-team@xxxxxxxxxxxxxxxxxxx
From: Andy Chmilenko <920794@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Jan 2012 02:51:32 -0000
Reply-to: Bug 920794 <920794@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

*** This bug is a security vulnerability ***

Private security bug reported:

>From my investigation and experience, Util::initialize() never called
which contains the sgenrand call that seeds the random number generator
to the time.

seed always 4357 set from rand() when salts are generated. The same
salts are used every time from start up.

I think this is kind of missing the point of random salts to a point.

** Affects: adchpp
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/920794

Title:
  Util::initialize() never called. same seed used every startup

Status in ADCH++:
  New

Bug description:
  From my investigation and experience, Util::initialize() never called
  which contains the sgenrand call that seeds the random number
  generator to the time.

  seed always 4357 set from rand() when salts are generated. The same
  salts are used every time from start up.

  I think this is kind of missing the point of random salts to a point.

To manage notifications about this bug go to:
https://bugs.launchpad.net/adchpp/+bug/920794/+subscriptions

Follow ups

[Bug 920794] Re: Util::initialize() never called. same seed used every startup
From: poy, 2012-05-30
[Bug 920794] Re: Util::initialize() never called. same seed used every startup
From: Jacek Sieka, 2012-01-29
[Bug 920794] [NEW] Util::initialize() never called. same seed used every startup
From: Andy Chmilenko, 2012-01-24

References

[Bug 920794] [NEW] Util::initialize() never called. same seed used every startup
From: Andy Chmilenko, 2012-01-24