Unsafe use of g_random_int()
mmcconville at mykolab.com
Mon Aug 10 14:24:09 EDT 2015
I've been auditing Pidgin/libpurple's randomness usage for the past few
days. Ethan and I are working on a CPRNG API that can be used throughout
rand() is used in the MSN Nexus code (libpurple/protocols/msn/nexus.c).
There isn't an immediately apparent use of srand(), so that's *really*
bad. However, I can't find out whether MSN Nexus exists anymore or even
what the hell it is.
There's a more serious concern, though. Specifically, there are uses of
the Glib function g_random_int() to generate nonces in the Jabber SCRAM
and DIGEST_MD5 SASL code. The Glib docs state:
> Do not use this API for cryptographic purposes such as key generation,
> nonces, salts or one-time pads.
The nonces generated seem cryptographic, but I'm not familiar with the
protocol. This may not be used if Cyrus is available.
I'm not sure whether Glib is just being conservative in this warning, or
if using this for random number is seriously dangerous.
More information about the security