]> git.ipfire.org Git - thirdparty/hostap.git/commit
projects / thirdparty / hostap.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 239952b) | patch
EAP-pwd server: Use os_get_random() for unpredictable token
authorNick Lowe <nick.lowe@lugatech.com>
Tue, 9 Feb 2016 16:02:32 +0000 (16:02 +0000)
committerJouni Malinen <j@w1.fi>
Fri, 19 Feb 2016 16:44:40 +0000 (18:44 +0200)
commit4b16c15bbc8b20a85bb3d6f45bba5621a047618e
tree9438e9c8fd7ef27ea662bd5c0d19acd0484e8558tree | snapshot
parent239952b4daba6b99bf713950b30f848ca66cc062commit | diff
EAP-pwd server: Use os_get_random() for unpredictable token

Do not use os_random() that uses a low quality PRNG to generate the
anti-clogging token. The construction can be improved upon by replacing
it with a call to os_get_random(), which uses a high quality PRNG. While
the RFC 5931 explictly recommends not to do this ("SHOULD NOT be from a
source of random entropy"), it does still mandate unpredicability ("MUST
be unpredictable"). The anti-clogging token is most unpredictable when
it is taken from a high quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
src/eap_server/eap_server_pwd.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.