[JDEV] Still another patch ... (seed the rand() function)
JHildebrand at jabber.com
Mon Oct 13 14:09:26 CDT 2003
Can't I send an iq:last to the server to find out how long it's been up? In
which case, I as an attacker can get pretty close to guessing the seed...
> -----Original Message-----
> From: Matthias Wimmer [mailto:m at tthias.net]
> Sent: Saturday, October 11, 2003 5:11 PM
> To: jdev at jabber.org
> Subject: [JDEV] Still another patch ... (seed the rand() function)
> Sorry to flood this mailinglist this week end. ;-) This is
> another patch for jadc2s.
> jadc2s used the rand() function to generate ids for the
> digest authentication but never seeds the rand() function.
> The result is that with every restart of jadc2s it generates
> the same sequence of ids again. This is a very bad behavior
> especially on servers with less load.
> An attacker could takeover and account if he is able to sniff
> connections and if he is able to crash jadc2s (or jadc2s is
> restarted regularily). He can just sniff which id was sent to
> the client and what the client sent back as response.
> Afterwards he crashes jadc2s or waits for an other restart.
> Then he just has to wait for the right moment where the
> server will generate this key again (counting the logins),
> connect to it and he will be successfully able to
> authenticate as the other user. By changing the password he
> has taken over the account.
> The fix is to just seed the rand() function at startup of
> jadc2s with the current time that will be different for every
> restart. (But using
> rand() to generate the digest ids still isn't a very strong
> Tot kijk
> --- jadc2s.c 2003-10-10 11:05:45.000000000 +0200
> +++ jadc2s-srand.c 2003-10-12 00:53:41.000000000 +0200
> @@ -200,6 +200,9 @@
> return 1;
> + /* seed the rand() function */
> + srand(time(NULL));
> /* start logging */
> c2s->log = log_new("jadc2s");
> log_write(c2s->log, LOG_NOTICE, "starting up");
> For kibibytes see:
More information about the JDev