Sun, 06 Jan 2013 10:50:55 -0800
Document a potential improvement in ntlm random numbers.
--- a/libpurple/ntlm.c Sat Jan 05 20:45:36 2013 -0800 +++ b/libpurple/ntlm.c Sun Jan 06 10:50:55 2013 -0800 @@ -220,6 +220,13 @@ des_ecb_encrypt(plaintext, results + 16, key); } +/* + * TODO: We think we should be using cryptographically secure random numbers + * here. We think the rand() function is probably bad. We think + * /dev/urandom is a step up, but using a random function from an SSL + * library would probably be best. In Windows we could possibly also + * use CryptGenRandom. + */ static void gensesskey(char *buffer) {
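Review bot: The TODO added above gensesskey() flags the random source as a problem but leaves the code unchanged and carries no ticket reference or owner, so it is likely to sit there indefinitely. Judging by its name, the function produces a session key, so the comment should say plainly that rand() output is predictable and unsuitable for key material instead of the hedged "We think the rand() function is probably bad". The body of gensesskey() is outside the visible context, so please confirm that rand() is what it actually calls. If the change is small (the SSL library's random function, or CryptGenRandom on Windows, as the comment itself proposes), making it in this commit would be better than documenting it.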