Commit
…eys for secret chats)
@@ -2263,8 +2263,10 @@ void do_send_accept_encr_chat (struct secret_chat *E, unsigned char *random) { | |
} | ||
} | ||
if (ok) { return; } // Already generated key for this chat | ||
for (i = 0; i < 64; i++) { | ||
*(((int *)random) + i) ^= mrand48 (); | ||
vysheng
Owner
unsigned char random_here[256]; | ||
do_rand (random_here, 256); | ||
for (i = 0; i < 256; i++) { | ||
random[i] ^= random_here[i]; | ||
} | ||
BIGNUM *b = BN_bin2bn (random, 256, 0); | ||
assert (b); | ||
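Review bot: `random_here` carries the client's half of the secret-chat key and is left on the stack after the XOR loop; clear it once it has been mixed in (e.g. `OPENSSL_cleanse (random_here, 256);` after the loop, since OpenSSL is already linked for `BN_bin2bn`), so a later stack disclosure cannot recover the local contribution. The hunk also does not show what `do_rand` draws from or whether its failure is reported: the replacement is only as strong as that source, so confirm it is a CSPRNG and that a failed fill aborts rather than silently XORing zeros into the server-supplied `random`. Finally, the old `mrand48` path means keys produced by earlier builds are derived from a 48-bit state; the diff changes generation going forward but carries no migration for chats already keyed that way.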
You really should offer to delete and regenerate all keys generated with the old code. This code means that, for the server which knows `random`, there can be only 2^48 possible keys used. Additionally it is very easy for the server to brute-force the internal rand48 state as it can observe output values from other places where `lrand48` is used.
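The following C program is an added illustration of the point made in the comment above; it is not code from the tg project or from the commit. It models the pre-fix loop (256 bytes of key material produced by `mrand48`) and shows that the client's contribution is a pure function of the generator's 48-bit state, which is where the 2^48 bound comes from. Beside it is a hardened variant that takes the local bytes from the OS CSPRNG, XORs them into the server-supplied buffer and wipes the local copy. The function names (`old_style_fill`, `csprng_fill`, `mix_key_material`) and the sample 48-bit state are constructed for this example; `/dev/urandom` stands in for whatever `do_rand` uses in the project.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define KEY_BYTES 256

/* Pre-fix construction, modelled on the old loop: the client's 256-byte
 * contribution is the mrand48 output stream, so it is entirely determined
 * by the 48-bit state `state` (constructed placeholder for whatever seed
 * the process happened to have). mrand48 exposes 32 bits of that state per
 * call, which is why the stream is cheap to reconstruct from other outputs. */
void old_style_fill(unsigned char out[KEY_BYTES], const unsigned short state[3]) {
    unsigned short st[3] = { state[0], state[1], state[2] };
    seed48(st);                                  /* load the full 48-bit state */
    for (size_t i = 0; i < KEY_BYTES / sizeof(int); i++) {
        int v = (int)mrand48();
        memcpy(out + i * sizeof(int), &v, sizeof v);   /* no aliasing UB */
    }
}

/* Hardened construction: local bytes come from the OS CSPRNG.
 * Returns 0 on success, -1 if the source could not be read; the caller
 * must abort in that case rather than fall back to a weak generator. */
int csprng_fill(unsigned char *out, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(out, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/* XOR the local contribution into the server-supplied buffer, then wipe
 * the local copy. The result is unpredictable to the server only if the
 * local bytes are; and the local bytes must not linger on the stack. */
int mix_key_material(unsigned char random[KEY_BYTES]) {
    unsigned char local[KEY_BYTES];
    if (csprng_fill(local, KEY_BYTES) != 0) return -1;
    for (size_t i = 0; i < KEY_BYTES; i++) random[i] ^= local[i];
    /* plain memset may be optimised away; use explicit_bzero or
     * OPENSSL_cleanse in production code */
    memset(local, 0, sizeof local);
    return 0;
}

/* 1 if two old-style fills from the same 48-bit state are byte-identical
 * (they always are: same state, same stream, same key material). */
int old_style_is_deterministic(void) {
    unsigned short state[3] = { 0x1234, 0xabcd, 0x5678 };   /* constructed sample state */
    unsigned char a[KEY_BYTES], b[KEY_BYTES];
    old_style_fill(a, state);
    old_style_fill(b, state);
    return memcmp(a, b, KEY_BYTES) == 0;
}

/* 1 if two hardened fills of the same server buffer differ,
 * -1 if the CSPRNG could not be read. */
int hardened_fills_differ(void) {
    unsigned char a[KEY_BYTES] = {0}, b[KEY_BYTES] = {0};
    if (mix_key_material(a) != 0 || mix_key_material(b) != 0) return -1;
    return memcmp(a, b, KEY_BYTES) != 0;
}

int main(void) {
    printf("old-style fill determined by 48-bit state: %d\n", old_style_is_deterministic());
    printf("hardened fills differ: %d\n", hardened_fills_differ());
    return 0;
}
```

The two helper predicates make the contrast testable: with the old construction the server, which already knows its own `random`, only has to enumerate 48-bit states to enumerate every key the client could have produced; with the hardened construction the search space is the full 256 bytes of CSPRNG output.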