Am 13/09/2011 23:53, schrieb Michael Karcher:
In netmd.cli the random number is used for creating a nonce in this way:4. libnetmd/secure.c and netmdcli/netmdcli.c : ramdo) is not defined and implemented I fixed this as a "bloody hack" in utils.h using #ifdef WIN32 #include <stdlib.h> #include <time.h> static int random(){srand(time(NULL));return rand();}; #endifReseding every time is a real bad idea(tm). It is quite likely that time(NULL) returns the same value on two successive calls (it changes once per second). As we don't care about sniffing, just using rand() in the library should be fine, if the caller didn't srand so be it. In netmdcli.c, add "srand(time(NULL));" to the beginning of main. Then replace random by rand. Regards, Michael Karcher unsigned char hostnonce[8] = { 0 }; unsigned char *buf; uint64_t rand; . . rand = (uint64_t)random(); buf = hostnonce; netmd_copy_quadword_to_buffer(&buf, rand); . . As far as i know random() and rand() are 32bit only. What about using "gcry_create_nonce(unsigned char *buffer, size_t length)" from libgcrypt instead? unsigned char hostnonce[8] = { 0 }; . . gcry_create_nonce(hostnonce, sizeof(hostnonce)); Regards Thomas |