/pidgin/main: 5ecccdc2d618: Document a potential improvement in ...
Mark Doliner
mark at kingant.net
Sun Jan 6 13:51:00 EST 2013
Changeset: 5ecccdc2d618e69063969cbf3a01af703c08f956
Author: Mark Doliner <mark at kingant.net>
Date: 2013-01-06 10:50 -0800
Branch: default
URL: http://hg.pidgin.im/pidgin/main/rev/5ecccdc2d618
Description:
Document a potential improvement in ntlm random numbers.
diffstat:
libpurple/ntlm.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diffs (17 lines):
diff --git a/libpurple/ntlm.c b/libpurple/ntlm.c
--- a/libpurple/ntlm.c
+++ b/libpurple/ntlm.c
@@ -220,6 +220,13 @@ calc_resp(guint8 *keys, const guint8 *pl
des_ecb_encrypt(plaintext, results + 16, key);
}
+/*
+ * TODO: We think we should be using cryptographically secure random numbers
+ * here. We think the rand() function is probably bad. We think
+ * /dev/urandom is a step up, but using a random function from an SSL
+ * library would probably be best. In Windows we could possibly also
+ * use CryptGenRandom.
+ */
static void
gensesskey(char *buffer)
{
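Review bot: The TODO above gensesskey() is hedged ("We think ... probably") where it could state the requirement outright. rand() is not a cryptographically secure generator, so the comment should say plainly that the value produced here must come from a CSPRNG, and it should reference a ticket so the work is tracked rather than left as an open note. Of the options listed, it would help to name the preferred one per platform and to say what should happen if that source fails (for example, if /dev/urandom cannot be opened), since a silent fallback to rand() would undo the improvement. Also, gensesskey(char *buffer) takes no length argument, so the comment should record how many random bytes the caller expects.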