[sr-dev] git:master:4e9f49a5: tls: docs - relocated the note about krand and fastrand from default value paragraph
Henning Westerholt
hw at skalatan.de
Mon Oct 7 15:31:54 CEST 2019
Hi Daniel,
thank you for integrating the changes in the stable branches, I could
have done it later as well.
One remark about the README change - in my opinion the krand and
fastrand should not used in production. They will generate to weak
random numbers. Refer for example to this wikipedia summary:
https://en.wikipedia.org/wiki/Random_number_generator_attack#Prominent_examples
Many systems were broken by using insufficient random number generators.
So I think the documentation should indicate this as well.
Cheers,
Henning
Am 07.10.19 um 15:11 schrieb Daniel-Constantin Mierla:
> Module: kamailio
> Branch: master
> Commit: 4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9
> URL: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9
>
> Author: Daniel-Constantin Mierla <miconda at gmail.com>
> Committer: Daniel-Constantin Mierla <miconda at gmail.com>
> Date: 2019-10-07T15:07:41+02:00
>
> tls: docs - relocated the note about krand and fastrand from default value paragraph
>
> - rephrased a bit to avoid eventual confusion they are not production ready
>
> ---
>
> Modified: src/modules/tls/doc/params.xml
>
> ---
>
> Diff: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9.diff
> Patch: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9.patch
>
> ---
>
> diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
> index 72d3278ed7..dc6494c2db 100644
> --- a/src/modules/tls/doc/params.xml
> +++ b/src/modules/tls/doc/params.xml
> @@ -1259,13 +1259,16 @@ end
> <itemizedlist>
> <listitem><para>krand - use internal kam_rand() function</para></listitem>
> <listitem><para>fastrand - use internal fastrand function</para></listitem>
> - <listitem><para>cryptorand - use internal cryptorand function</para></listitem>
> + <listitem><para>cryptorand - use internal cryptorand (fortuna) function</para></listitem>
> </itemizedlist>
> + <para>
> + Note: the krand and fastrand engines are not recommended for use on
> + systems requiring strong security, as they may not generate numbers
> + with enough randomness.
> + </para>
> <para>
> The default value is empty (not set) for libssl v1.0.x or older, and
> - "cryptorand" for libssl v1.1.x or newer. The krand and fastrand engines are
> - not recommended for production use, as they will not generate secure enough
> - random numbers.
> + "cryptorand" for libssl v1.1.x or newer.
> </para>
> <example>
> <title>Set <varname>rand_engine</varname> parameter</title>
>
>
> _______________________________________________
> Kamailio (SER) - Development Mailing List
> sr-dev at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev
--
Kamailio Merchandising - https://skalatan.de/merchandising/
Kamailio services - https://skalatan.de/services
Henning Westerholt - https://skalatan.de/blog/
More information about the sr-dev
mailing list