Re: [sr-dev] git:master:4e9f49a5: tls: docs - relocated the note about krand and fastrand from default value paragraph

7 Oct 2019

Hi Daniel,
thank you for integrating the changes in the stable branches, I could 
have done it later as well.
One remark about the README change - in my opinion the krand and 
fastrand should not used in production. They will generate to weak 
random numbers. Refer for example to this wikipedia summary:
https://en.wikipedia.org/wiki/Random_number_generator_attack#Prominent_examp...
Many systems were broken by using insufficient random number generators.
So I think the documentation should indicate this as well.
Cheers,
Henning
Am 07.10.19 um 15:11 schrieb Daniel-Constantin Mierla:
...
Module: kamailio
Branch: master
Commit: 4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9
URL: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea...
Author: Daniel-Constantin Mierla miconda@gmail.com
Committer: Daniel-Constantin Mierla miconda@gmail.com
Date: 2019-10-07T15:07:41+02:00
tls: docs - relocated the note about krand and fastrand from default value paragraph

rephrased a bit to avoid eventual confusion they are not production ready


Modified: src/modules/tls/doc/params.xml

Diff:  https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea...
Patch: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea...

diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
index 72d3278ed7..dc6494c2db 100644
--- a/src/modules/tls/doc/params.xml
+++ b/src/modules/tls/doc/params.xml
@@ -1259,13 +1259,16 @@ end
   <itemizedlist>
   	<listitem><para>krand - use internal kam_rand() function</para></listitem>
   	<listitem><para>fastrand - use internal fastrand function</para></listitem>
-		<listitem><para>cryptorand - use internal cryptorand function</para></listitem>
+		<listitem><para>cryptorand - use internal cryptorand (fortuna) function</para></listitem>
   </itemizedlist>
+	<para>
+		Note: the krand and fastrand engines are not recommended for use on
+		systems requiring strong security, as they may not generate numbers
+		with enough randomness.
+	</para>
   <para>
   	The default value is empty (not set) for libssl v1.0.x or older, and
-		"cryptorand" for libssl v1.1.x or newer. The krand and fastrand engines are
-		not recommended for production use, as they will not generate secure enough
-		random numbers.
+		"cryptorand" for libssl v1.1.x or newer.
   </para>
   <example>
       <title>Set <varname>rand_engine</varname> parameter</title>

Kamailio (SER) - Development Mailing List
sr-dev@lists.kamailio.org
https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
-- 
Kamailio Merchandising - https://skalatan.de/merchandising/
Kamailio services - https://skalatan.de/services
Henning Westerholt - https://skalatan.de/blog/


    

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Re: [sr-dev] git:master:4e9f49a5: tls: docs - relocated the note about krand and fastrand from default value paragraph