cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH] NTLM: use a fake entropy for debug builds

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 17 Mar 2014 22:32:47 +0100 (CET)

Hi,

I was reminded about the fixed string entropy we use in in the NTLM code for
debug builds. I want debug-builds to still work if used against real world
machines and this fixed string is then a security issue.

I'm suggesting an approach like attached, that allows the test suite to set
the random string to use for testing purposes but it will make curl work
basically as usual outside of the test suite if used for real.

Objections?

-- 
  / daniel.haxx.se


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-03-17