[cl-plus-ssl-devel] init-prng - unsecure random number generator initialization

Anton Vodonosov avodonosov at yandex.ru
Thu Oct 23 22:14:28 UTC 2008


Hello.

Currently cl+ssl uses the following function in initialization:

  (defun init-prng ()
    ;; this initialization of random entropy is not necessary on
    ;; Linux, since the OpenSSL library automatically reads from
    ;; /dev/urandom if it exists. On Solaris it is necessary.
    (let ((buf (cffi-sys::make-shareable-byte-vector +random-entropy+)))
      (dotimes (i +random-entropy+)
        (setf (elt buf i) (random 256)))
      (cffi-sys::with-pointer-to-vector-data (ptr buf)
        (rand-seed ptr +random-entropy+))))

The problem here is that the RANDOM function is usually deterministic.
Moreover, in at least two implementations, CLISP and SBCL,
*RANDOM-STATE* always has the same value after Lisp startup,
and therefore our initialization code always produces the
same values in BUF. This is of course insecure.

IMHO it is better to remove INIT-PRNG from initialization
and allow OpenSSL to initialize itself from /dev/random on
Linux and from CryptoAPI on Windows.

For Solaris users it is better to use some passphrase for
RAND-SEED (I also saw links to /dev/random drivers for Solaris,
but I do not know whether OpenSSL will use it on that platform).

Best regards,
- Anton
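The failure mode described in the message, as an added example in Python (this is not code from the post or from cl+ssl): a model of a Lisp image whose RANDOM always starts from the same state, the original seeding strategy ported onto it, the OS-entropy alternative, and a check that exposes the difference. The buffer size (256 bytes, standing in for +random-entropy+, whose value is not given above) and the fixed startup state are assumptions of the model.

```python
import os
import random

# Size of the seed buffer handed to RAND_seed. The post does not give the
# value of +random-entropy+; 256 bytes is an assumed value for this model.
ENTROPY_BYTES = 256

# Models an implementation (CLISP and SBCL, per the post) whose *RANDOM-STATE*
# is identical after every startup: every "fresh image" gets the same state.
# The concrete state value is an arbitrary assumption of the model.
FIXED_STARTUP_STATE = 0


def fresh_lisp_image():
    """Return a generator standing in for RANDOM in a freshly started image."""
    return random.Random(FIXED_STARTUP_STATE)


def seed_from_random(rng):
    """What init-prng does: fill the seed buffer with (random 256) draws."""
    return bytes(rng.randrange(256) for _ in range(ENTROPY_BYTES))


def seed_from_os(_rng=None):
    """Hardened alternative: take the seed bytes from the OS CSPRNG
    (/dev/urandom on Unix, CryptoAPI/BCrypt on Windows) instead.
    The rng argument is accepted only so both strategies share a signature."""
    return os.urandom(ENTROPY_BYTES)


def seed_repeats_across_starts(seed_fn, starts=3):
    """Check: run seed_fn in `starts` independent fresh images and report
    whether every run produced the same seed buffer."""
    seeds = {seed_fn(fresh_lisp_image()) for _ in range(starts)}
    return len(seeds) == 1


def attacker_can_reproduce(observed_seed):
    """An attacker who knows the implementation simply replays the same draws
    from the same startup state and compares against the observed buffer."""
    return seed_from_random(fresh_lisp_image()) == observed_seed


if __name__ == "__main__":
    print("RANDOM-based seed repeats across starts:",
          seed_repeats_across_starts(seed_from_random))   # True
    print("os.urandom seed repeats across starts:  ",
          seed_repeats_across_starts(seed_from_os))       # False
    print("RANDOM-based seed reproducible by attacker:",
          attacker_can_reproduce(seed_from_random(fresh_lisp_image())))  # True
```

The same check carries over to the real code: run the seeding routine in several separately started Lisp processes and compare the buffers; identical output means the bytes fed to RAND_seed carry no entropy, whatever their length. Note that Python's own `random.Random()` with no argument seeds itself from OS entropy, so the fixed-state model above has to be constructed explicitly; the Lisp case the post describes needs no such construction.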
