ZRTPCPP

Improper initialization of RNG on Windows

Open fedor-brunner opened this issue 12 years ago • 3 comments

In the original random number generator I was able to reproduce the same random numbers on Windows in Debug mode.

On the Windows platform, when using the GNU ZRTP library standalone, without OpenSSL, the integrated random number generator is not initialized with enough entropy. This code will add entropy using the system timers.

https://en.wikipedia.org/wiki/Clock_drift#Random_number_generators

fedor-brunner avatar Sep 16 '13 08:09 fedor-brunner

Thanks for your interest. Unfortunately using timers like that does not add enough entropy to meaningfully enhance security.

Werner: Is using ZRTPCPP on Windows without OpenSSL even supported? If so, is he correct that it currently runs without any entropy source?

traviscross avatar Sep 16 '13 14:09 traviscross

Actually not tested or verified for Windows. The random initialization has a comment that explicitly states that Windows is not supported.

On the other hand, we don't rely on the system's random generator only. We add entropy during the calls, thus the client calls the add_entropy with some data. This enhances entropy in general.

Werner


wernerd avatar Sep 16 '13 15:09 wernerd

If the random number generator is not to be used on the Windows platform, then please consider adding a compile-time error message into the code.

#if !(defined(_WIN32) || defined(_WIN64))
    int rnd = open("/dev/urandom", O_RDONLY);
    if (rnd >= 0) {
        num = read(rnd, seed, length);
        close(rnd);
    }
    else
        return num;
#else
#error This random number generator can not be used on Windows platform without seeding!
#endif

fedor-brunner avatar Sep 16 '13 20:09 fedor-brunner
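An added example, not part of the thread and not ZRTPCPP code: one way to take the seed from the operating system's CSPRNG on both platforms and fail closed, so that a missing source or a short read from /dev/urandom is reported instead of leaving the generator unseeded. `seed_from_os` is a hypothetical helper name, and the use of `BCryptGenRandom` on Windows is an assumption; the thread does not name a Windows entropy API.

```c
/* Added example: seed_from_os() is a hypothetical helper, not a ZRTPCPP function. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#if defined(_WIN32) || defined(_WIN64)
#include <windows.h>
#include <bcrypt.h>                      /* link with bcrypt.lib */
int seed_from_os(uint8_t *seed, size_t length)
{
    if (length > 0xFFFFFFFFu)            /* BCryptGenRandom takes a ULONG count */
        return -1;
    /* System-preferred RNG: no algorithm handle has to be opened. */
    NTSTATUS st = BCryptGenRandom(NULL, seed, (ULONG)length,
                                  BCRYPT_USE_SYSTEM_PREFERRED_RNG);
    return st >= 0 ? 0 : -1;             /* same test as NT_SUCCESS(st) */
}
#else
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
int seed_from_os(uint8_t *seed, size_t length)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;                       /* no entropy source: report it */
    while (got < length) {
        ssize_t n = read(fd, seed + got, length - got);
        if (n > 0)
            got += (size_t)n;
        else if (n < 0 && errno == EINTR)
            continue;                    /* interrupted by a signal, retry */
        else
            break;                       /* EOF or hard error */
    }
    close(fd);
    return got == length ? 0 : -1;       /* a short read counts as failure */
}
#endif

int main(void)
{
    uint8_t seed[32];
    if (seed_from_os(seed, sizeof seed) != 0) {
        fprintf(stderr, "no OS entropy available, refusing to start\n");
        return 1;
    }
    puts("seeded 32 bytes from the OS CSPRNG");
    return 0;
}
```

The caller checks the return value before any key material is generated; the buffer contents are only meaningful when the function returns 0.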