curl-library

Re: [bagder/curl] eefeb7: curl_sasl: Extended native DIGEST-MD5 cnonce to be...

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Mon, 2 Jun 2014 12:10:27 +0200 (CEST)

On Mon, 2 Jun 2014, Daniel Stenberg wrote:

> If we really want to add more "randomness", wouldn't it be better to call
> Curl_rand() two more times instead? It is getting "real" random data from
> the underlying TLS/crypto library and that is bound to be safer than adding
> the current time.

I suggest this simple patch - see attachment.

It also has the added benefit that once I (finally) add my code that "fakes"
Curl_rand() for debug builds we won't have to have any DEBUGBUILD conditionals
in that code path - having the time/date involved would make that harder.

-- 
  / daniel.haxx.se



Received on 2014-06-02
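
The difference between mixing the current time into the cnonce and drawing every word from the random source, as an added example that is not part of the original mail or of curl's code. `rand32()` is a hypothetical stand-in for `Curl_rand()` that reads `/dev/urandom`; the four-word hex layout and the time-mixed "before" form are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <inttypes.h>
#include <string.h>

#define CNONCE_LEN 32  /* hex digits, excluding the terminating NUL */

/* Hypothetical stand-in for Curl_rand(): 32 bits from the OS CSPRNG.
   Returns 0 on success, -1 if the random source is unavailable. */
static int rand32(uint32_t *out)
{
  FILE *f = fopen("/dev/urandom", "rb");
  size_t n;
  if(!f)
    return -1;
  n = fread(out, sizeof(*out), 1, f);
  fclose(f);
  return n == 1 ? 0 : -1;
}

/* Assumed "before" layout: two random words plus the current time.
   The time is passed in so the effect can be shown deterministically:
   half of the cnonce is fixed for anyone who knows the clock value. */
int cnonce_time_mixed(char *buf, size_t len, uint32_t sec, uint32_t usec)
{
  uint32_t r[2];
  if(len < CNONCE_LEN + 1 || rand32(&r[0]) || rand32(&r[1]))
    return -1;
  snprintf(buf, len, "%08" PRIx32 "%08" PRIx32 "%08" PRIx32 "%08" PRIx32,
           r[0], r[1], sec, usec);
  return 0;
}

/* Suggested form: all four words come from the random source, so no
   part of the cnonce depends on the clock (and no time conditionals). */
int cnonce_all_random(char *buf, size_t len)
{
  uint32_t r[4];
  int i;
  if(len < CNONCE_LEN + 1)
    return -1;
  for(i = 0; i < 4; i++)
    if(rand32(&r[i]))
      return -1;
  snprintf(buf, len, "%08" PRIx32 "%08" PRIx32 "%08" PRIx32 "%08" PRIx32,
           r[0], r[1], r[2], r[3]);
  return 0;
}
```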