Theo de Raadt is asking users of OpenBSD to help upstream vendors - TopicsExpress



          

W Steven Schneider

Theo de Raadt is asking users of OpenBSD to help upstream vendors who are using deterministic number generators. From: Theo de Raadt Subject: Want to help upstream software improve their random? To: [email protected] In all of these code blocks are a well-known piece of information (same time on your machine as everywhere else) is being used to seed a deterministic number generator. At some later point, deterministic numbers are taken out using rand(), random(), drand48(), lrand48(), mrand48(), or srand48(), or some derivative function inside the program itself, and used for WHO KNOWS WHAT PURPOSE. I did not audit what the numbers are being used for. Quite likely some numbers are just used to help hashing. Some could be used to print pretty pictures. But in xulrunner? In the zip password creator? In postgresql, or say in openldap (a network related thing)? It is doubtful they are all fine. For the benefit of other projects who havent taken the same steps as OpenBSD, it would be nice if some people helped out these pieces of software. EMBOSS-6.0.1 srand((unsigned) time(&tm)); ORBit2-2.14.19 srand (t.tv_sec ^ t.tv_usec ^ getpid () ^ getuid ()); apr-util-1.5.3 srand((unsigned int)(((time_now >> 32) ^ time_now) & 0xffffffff)); apr-util-1.5.3 srand((unsigned int)apr_time_now()); aqualung-0.9beta11 srand(time(0)); aqualung-0.9beta11 srand(time(NULL)); audacious-3.5.2 srand (time (NULL)); audacious-plugins-3.5.2 srand(time(NULL)); audacity-1.3.9 srand(time(0)); audacity-1.3.9 srand(time(NULL)); audacity-1.3.9 srand( (unsigned int) time(NULL) ); birda-1.1 srandom(t.tv_sec^t.tv_usec); boost-1.53.0 std::srand( runtime_config::random_seed() ); boost-1.53.0 srand(time(0)); boost-1.53.0 generator() { srand(time(0)); } boost-1.53.0 generator() { srand(time(0)); } boost-1.53.0 std::srand(time(0) + world.rank()); boost-1.53.0 std::srand(time(0) + world.rank()); boost-1.53.0 srand(time(0) + world.rank()); boost-1.53.0 srand(time(0) + world.rank()); boost-1.53.0 std::srand(time(0) + world.rank()); boost-1.53.0 std::srand(time(0) + world.rank()); boost-1.53.0 srand( time(NULL) ); boost-1.53.0 srand( time( NULL ) ); boost-1.53.0 srand ( time(NULL) ); boost-1.53.0 std::srand(static_cast(std::time(0))); boost-1.53.0 std::srand(static_cast(std::time(0))); boost-1.53.0 srand(time(0)); boost-1.53.0 srand(time(0)); boost-1.53.0 std::srand((unsigned int)std::time(NULL)); boost-1.53.0 srand(time(0)); bullet-2.81// srand(time(NULL) / 30); bullet-2.81 srand((unsigned)time(NULL)); // Seed it... bullet-2.81 srand ( time ( 0x0 ) ); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); c3270-3.3.11.6 srand(time(NULL)); c3270-3.3.11.6 srandom(time(NULL)); caps-plugins-0.4.4 srandom (tv.tv_sec ^ tv.tv_usec); celestia-1.6.1 std::srand(std::time(NULL)); celestia-1.6.1 std::srand(time(NULL)); celestia-1.6.1 srandom(time(NULL)); celt-0.11.1 srand(time(NULL)); celt07-0.7.1 srand(time(NULL)); cgdb-0.6.8 srand(time(NULL)); clementine-1.2.3 srandom((int)[[NSDate date] timeIntervalSince1970]); clementine-1.2.3 srandom(time(NULL)); clementine-1.2.3 srand ( time ( NULL ) ); clementine-1.2.3 qsrand((time.tv_sec * 1000) + (time.tv_usec / 1000)); cmake-3.0.2 srand((unsigned)time(0)); cmake-3.0.2 srand((unsigned int)time(NULL)+randomizer++); /* seed / codeblocks-13.12 srand( time(NULL) ); codeblocks-13.12 inline void ini_random() { srand(time(0)); }; codeblocks-13.12 srand((unsigned)time(0)); codeblocks-13.12 srand(time(nullptr)); codeworker-4.5.4 if (iSeed >= 0) srand((unsigned) iSeed); codeworker-4.5.4 else srand((unsigned) time(NULL)); db-3.1.17 srand((u_int)time(NULL)); db-3.1.17 srand(getpid() | time(NULL)); db-3.1.17 srand((unsigned int)time(NULL)); db-4.6.21 srand((u_int)time(NULL)); db-4.6.21 srand(getpid() | time(NULL)); db-4.6.21 srand((unsigned int)time(NULL)); db-4.6.21 srand((u_int)time(NULL) % (u_int)getpid()); db-4.6.21 srand((u_int)(time(NULL) | getpid())); db-4.6.21 srand((u_int)(time(NULL) | getpid())); deadbeef-0.6.2 srand (time (NULL)); deadbeef-0.6.2// srand ((uint) ::time(NULL)); deadbeef-0.6.2 srand(time(NULL)); deadbeef-0.6.2 fixed random playback bug caused by libsidplay2 calling srand(time(NULL)) festival-1.95beta# define seed_random() srand((unsigned)time(NULL)) festival-1.95beta# define seed_random() srandom(time(NULL)); festival-1.95beta srand(time(NULL)); flac-1.3.0 srand((unsigned)time(0)); flac-1.3.0 srand((unsigned)time(0)); flac-1.3.0 srand((unsigned)time(0)); fldigi-3.21.83// srand(time(NULL)); fritzing-0.9.0 srand ( time(NULL) ); fritzing-0.9.0 srand((unsigned)(time(NULL) ^ ZCR_SEED2)); giblib-1.2.4 srand(getpid() * time(NULL) % ((unsigned int) 1)); glyr-1.0.2 srand (time (NULL) ); glyr-1.0.2 srand (time (NULL) ); gperf-3.0.4 srand (static_cast(time (0))); gqmpeg-0.91.1 srand(time(NULL)); gsl-1.16.0.3-ruby21 srand(time(NULL)); gtkpod-1.0.0 srand(time(NULL)); hydrogen-0.9.4 srand( time( NULL ) ); hylafax-6.0.6 srand(time(NULL)); iozone-3.429 srand(time(0)); jack-0.121.3 srandom (time ((time_t *) 0)); jpilot-1.8.2 srandom(time(NULL)); jpilot-1.8.2 srandom(time(NULL)); jpilot-1.8.2 srand(time(NULL) * getpid()); kdevplatform-1.6.0 srand(time(NULL)); kdevplatform-1.6.0 srand(time(NULL)); kdevplatform-1.6.0 //srand(time(NULL)); kdevplatform-1.6.0 srand(time(NULL)); kdevplatform-1.6.0 std::srand( std::time ( 0 ) ); kicad-20100505 srand((unsigned)(time(NULL) ^ ZCR_SEED2)); ksmp3play-0.5.1 srand ((unsigned int) time (NULL)); kyotocabinet-1.2.76 srand(time(NULL)); lame-3.99.5 srand ( time (NULL) ); libivykis-0.36.2 srand(time(NULL) ^ getpid()); libmemcached-0.48 srandom((uint32_t) time(NULL)); libmemcached-0.48 srandom((uint32_t) time(NULL)); libmemcached-0.48 srandom((unsigned int)time(NULL)); libmemcached-0.48 srandom((unsigned int)time(NULL)); libmodplug-0.8.8.5 srandom((uint32_t)time(0)); // initialize random generator with seed libmp3splt-0.5.4 srand(time(NULL)); libmtp-1.1.6 srand(time(NULL)); liboil-0.3.17 srand(time(NULL)); liboil-0.3.17 srand(time(NULL)); liboil-0.3.17 srand(time(NULL)); libreoffice-4.3.4.1 srand((unsigned int)time(NULL)); libreoffice-4.3.4.1 srand( (unsigned) time( NULL ) ); // Random Seed Init fuer Interpreter libreoffice-4.3.4.1 srand( unsigned( time( NULL ) )); libreoffice-4.3.4.1 srand( (unsigned)(t = time( NULL )) ); libreoffice-4.3.4.1 srand( unsigned( time( NULL ) )); libreoffice-4.3.4.1 srand( (unsigned)time( NULL ) ); libyubikey-1.12 srand (time (NULL)); lmms-0.4.8 srand( time( NULL ) ); lmms-0.4.8 srand(time(NULL)); lmms-0.4.8// srand(time(0)); lmms-0.4.8 srand (tv.tv_sec ^ tv.tv_usec); lmms-0.4.8 srand( getpid() + time( 0 ) ); lmms-0.4.8 srand( getpid() + time( 0 ) ); madplay-0.15.2b srand(time(0)); mariadb-10.0.14 srand((uint) time(NULL)); mariadb-10.0.14 srand(time(0)); mariadb-10.0.14 srand(time(0)); mariadb-10.0.14 srand(time(0)); mariadb-10.0.14 srand(time(0)); mariadb-10.0.14 srand(num*time(NULL)); mariadb-10.0.14 srand(time(NULL)/(i+1)); mariadb-10.0.14 srand((i+1)*time(NULL)); mariadb-10.0.14 srand(num*time(NULL)); mariadb-10.0.14 srand(num*time(NULL)); mariadb-10.0.14 srand(num*time(NULL)); mariadb-10.0.14 srand (time(NULL)); mariadb-10.0.14 srandom(time(NULL)); mariadb-10.0.14 srandom(tv.tv_sec * 1000000 + tv.tv_usec); mariadb-10.0.14 // Once upon a time srandom(8) caused this test to fail. mariadb-10.0.14 srandom(time(0)); mariadb-10.0.14 srandom((uint)time(NULL)); mgetty+sendfax-1.1.37 srand((unsigned)time(NULL)); mgetty+sendfax-1.1.37 srand(time(NULL) | getpid()); mgetty+sendfax-1.1.37 srand(time(NULL) | getpid()); mgetty+sendfax-1.1.37 srandom(time(NULL) | getpid()); mico-2.3.13 srand (time (0)); mikmod-3.2.6 srand(time(NULL)); mikmod-3.2.6 srandom(time(NULL)); mimepp-1.0 srand(time(0)); mongodb-2.6.4 srand( ++z ^ (unsigned) time(0)); mongodb-2.6.4 std::srand( runtime_config::random_seed() ); motif-2.3.4 srand((int) time(NULL)); mp3blaster-3.2.5 srand((unsigned int)time(&t)); mp3blaster-3.2.5 srandom(time(&t)); mpg123-1.21.0#include / For srand(). / mpg321-0.3.2 srand(time(NULL)); mscore-1.3 srand(time(NULL) ^ 3141592654UL); nap-1.5.3 srand(tv.tv_usec + 1000000*tv.tv_sec); ncmpcpp-0.6.1 srand(time(nullptr)); netstrain-3.0 srand(time(NULL)); ode-0.12 srand( static_cast< unsigned int >( time( 0 ) ) ); openldap-2.4.40 srand(time(NULL)); openldap-2.4.40 srand(time(NULL)); openldap-2.4.40 srand(time(NULL)); openldap-2.4.40 srand(time(NULL)); openldap-2.4.40 srand(time(NULL)); openldap-2.4.40 srv_srand(time(0L)); openmpi-1.4.1 srandom( (int)time(NULL) ); openmpi-1.4.1 srand((unsigned int)time(NULL)); opennap-0.44 srand (global.current_time + getuid () + getpid ()); opus-tools-0.1.9 srand(((getpid()&65535) 32) ^ time_now)&0xffffffff)); pcb-20110918 effect usage in our application. Added srand( time(NULL) ) to main.c to set the seed. pcb-20110918#include / Seed for srand() / pcb-20110918 srand ( time(NULL) ); / Set seed for rand() / pgbouncer-1.5.4 srandom(time(NULL) ^ getpid()); pgpool-II-3.2.3 srandom((unsigned int) (getpid() ^ uptime.tv_usec)); physfs-2.0.3 srand((unsigned int) time(NULL)); pms-0.42 srand(time(NULL)); postgresql-9.3.5 srandom((unsigned int) INSTR_TIME_GET_MICROSEC(start_time)); postgresql-9.3.5 srandom((unsigned int) time(NULL)); pulseaudio-5.0 srand((unsigned) time(NULL)); pulseaudio-5.0 srand((unsigned) time(NULL)); qdbm-1.8.78 if(cnt == 0) srand(time(NULL)); qdbm-1.8.78 if(cnt == 0) srand(time(NULL)); qdbm-1.8.78 if(cnt == 0) srand(time(NULL)); qdbm-1.8.78 srand(time(NULL)); qdbm-1.8.78 if(cnt == 0) srand(time(NULL)); qdbm-1.8.78 srand(time(NULL)); qdbm-1.8.78 if(cnt == 0) srand(time(NULL)); qdbm-1.8.78 if(cnt == 0) std::srand(std::time(NULL)); qgit-1.5.7 srand (time(NULL)); quazip-0.7 srand((unsigned)(time(NULL) ^ ZCR_SEED2)); qucs-0.0.16 ::srand (::time (NULL)); redis-2.8.17 srandom(time(NULL)); redis-2.8.17 srand(time(NULL)); redis-2.8.17 srand(time(NULL)^getpid()); rplay-3.3.2main(v,c)char**c;{srandom((int)time(!++c)*getpid());v->1?printf(%s\n,c[random()%v]):(int)v;} rplay-3.3.2 srandom(time(NULL)); schismtracker-20100101 srand(time(NULL)); scmxx-0.8.0 srand(time(NULL)); siege-2.70 srand( (unsigned)time( NULL ) * seed ); silc-toolkit-1.1.12 srand((time(NULL) + buf_len) ^ rand()); smstools3-3.1.15 srand((int)(time(NULL) * getpid())); snack2.2.10 srand(time(NULL)); soprano-2.9.4 srand( time(0) ); soundtracker-0.6.8 srand (time(NULL)); sparsehash-2.0.2 srand(r); // keep compiler from optimizing away r (we never call rand()) sparsehash-2.0.2 srand(9); sparsehash-2.0.2 srand(r); // keep compiler from optimizing away r (we never call rand()) sparsehash-2.0.2 srand(r); // keep compiler from optimizing away r (we never call rand()) speex-1.2rc1 srand(time(NULL)); strigi-0.7.7pl1 srand((unsigned int)time(NULL)); sunclock-3.56-no_maps srandom(Context->time); sysbench-0.4.8 srandom(time(NULL)); tap-plugins-0.7.1 srand(time(0)); teknap-1.3g srand((unsigned)time(NULL)); teknap-1.3g $srand($time()) a very large seed timidity-2.13.2 srand(time(NULL)); timidity-2.13.2 srand(time(NULL)); timidity-2.13.2 srand(time(NULL)); timidity-2.13.2 srand(time(NULL)); tla-1.2 srandom (time (0)); tla-1.2 srandom (time (0)); tracker-5.3 srand(time(0)); tracker-5.3 srand(time(0)); tremor-tools-1.0 srand(time(NULL)); tremor-tools-1.0 srandom(time(NULL)); tremor-tools-1.0 srand(time(NULL)); virtuoso-6.1.6 srand((double) microtime() * 1000000); virtuoso-6.1.6 srand ((unsigned int) time(NULL)); virtuoso-6.1.6 srand ((unsigned) time (NULL)); virtuoso-6.1.6 srand ((unsigned int) (((time_now >> 32) ^ time_now) & 0xffffffff)); virtuoso-6.1.6 srand((unsigned)(time(NULL) ^ ZCR_SEED2)); vorbis-tools-1.4.0 srandom(time(NULL)); vorbis-tools-1.4.0 srand(time(NULL) ^ getpid()); vorbis-tools-1.4.0 srand(time(NULL) ^ getpid()); wmglobe-1.3 srandom(((int) time(NULL)) + ((int) getpid())); wmmp3-0.12 srand(time(NULL)); x3270-3.3.6 srandom(time(NULL)); xearth-1.1 srandom(((int) time(NULL)) + ((int) getpid())); xhippo-3.5 srand(time(0)); xmcd-2.6 srand((unsigned) time(NULL)); xmcd-2.6 srand((unsigned) time(NULL)); xmms-1.2.11 srandom(time(NULL)); xmms2-0.8 srand (time (NULL)); xulrunner-24.8.0 srand(time(nullptr)); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand((unsigned int)time(NULL)); xulrunner-24.8.0/mozilla-esr24/security/nss/lib/freebl/mpi/utils/bbsrand.c- seed = time(NULL); xulrunner-24.8.0 srand((unsigned int)time(NULL)); xulrunner-24.8.0 srand(seed); xulrunner-24.8.0 srand(time(NULL) * (unsigned int)pid); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand((unsigned int)time(NULL)); xulrunner-24.8.0 srand(static_cast(time(NULL))); xulrunner-24.8.0 srand(time(0)); xulrunner-24.8.0 srand( (unsigned)time( NULL ) ); / seed random number generator */ xulrunner-24.8.0 srand(time(0)); xulrunner-24.8.0 srandom((int)[[NSDate date] timeIntervalSince1970]); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand(time(0)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); xulrunner-24.8.0 srandom(time(NULL)); \ xulrunner-24.8.0 srandom(time(NULL)); \ xulrunner-24.8.0 srandom(time(NULL)); \ xulrunner-24.8.0 srandom(time(NULL)); \ xulrunner-24.8.0 srandom(time(NULL)); \ xulrunner-24.8.0 srand((unsigned int) time(NULL)); xulrunner-24.8.0 srand((unsigned int) time(NULL)); xulrunner-24.8.0 srand((unsigned int)time(NULL) ); xulrunner-24.8.0 srand((unsigned int)time(NULL)); xulrunner-24.8.0 srand((unsigned int)time(NULL)); xulrunner-24.8.0 srand(time(NULL) ); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand(time(NULL)); xulrunner-24.8.0 srand(timeGetTime()); xulrunner-24.8.0 cpr_srand((unsigned int)time(NULL)); xulrunner-24.8.0 cpr_srand((unsigned int)time(NULL)); xulrunner-24.8.0 cpr_srand((unsigned int)time(NULL)); zip-3.0 standard UNIX C runtime library functions: time(), rand(), srand(). zip-3.0 srand((unsigned)time(NULL) ^ ZCR_SEED2);
Posted on: Mon, 15 Dec 2014 03:48:19 +0000

Trending Topics



Shimano TLD Triton Lever Drag Reel 20/700 uekwja9ba TLD20IIA
the Churches I visited today for my Visita Iglesia: 1. St. Jude
Ang pagsisisi ay laging nasa huli. Tama o Talagang may
I just created the best peanut butter banana sandwich that I felt
HBR evening mix : Odobrali na Slovensku už Nositeľom
Domain-Driven Design: Tackling Complexity in the Heart of
l. Now it is the Turkmen. There is a nation called Turkmenistan,
OEM Sprint Motorola Photon 4G MB855 LCD Touch Screen Digitizer
◆◆ WASPADAI WABAH ULAR KASUR ◆◆ inilah efek serius jika
YES! I agree so much with this post. I can not stand being kept
MY ACCEPTANCE SPEECH: Guys, am the new Jubilee Social Media
53-0601 Whatever He Says To You Do It Now, perfect faith, just
Black Friday @ Power Pro Depth-Hunter Metered LineCyber
GOOD MORNING The day has finally come ITS MY BIRTHDAY. First I

Recently Viewed Topics



Hey, guys. I decided that Im going to try something new. Like I
The article below reflects the respect given to soldiers in sane
A note to folks out at The Mann right now: due to heavy weather
Insurers Dogged By Claims Of Slanted Sandy ReportsBy James Gerken
Todays deadly -> When I look back at what I learned during my
I was raised Catholic. I was an Alter Boy, and I hear that they
I am not into politics, my vote is my secret but I have an
Today I lost a great friend that influenced me greatly. When I was
Round Bar Table in Medium Oak (36 in./30 in.
Latest news 12-07-2014 చిత్తూరులో

© 2015
TopicsExpress
About Us     Add Topic     Contact Us     Terms & Conditions     Privacy Policy