[sr-dev] git:master:4e9f49a5: tls: docs - relocated the note about krand and fastrand from default value paragraph

Henning Westerholt hw at skalatan.de
Mon Oct 7 15:31:54 CEST 2019


Hi Daniel,

thank you for integrating the changes in the stable branches, I could 
have done it later as well.

One remark about the README change - in my opinion the krand and 
fastrand should not be used in production. They will generate too weak 
random numbers. Refer for example to this Wikipedia summary:

https://en.wikipedia.org/wiki/Random_number_generator_attack#Prominent_examples

Many systems were broken by using insufficient random number generators.

So I think the documentation should indicate this as well.

Cheers,

Henning

On 07.10.19 at 15:11, Daniel-Constantin Mierla wrote:
> Module: kamailio
> Branch: master
> Commit: 4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9
> URL: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9
>
> Author: Daniel-Constantin Mierla <miconda at gmail.com>
> Committer: Daniel-Constantin Mierla <miconda at gmail.com>
> Date: 2019-10-07T15:07:41+02:00
>
> tls: docs - relocated the note about krand and fastrand from default value paragraph
>
> - rephrased a bit to avoid eventual confusion they are not production ready
>
> ---
>
> Modified: src/modules/tls/doc/params.xml
>
> ---
>
> Diff:  https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9.diff
> Patch: https://github.com/kamailio/kamailio/commit/4e9f49a5e8ebd90d6b6913310402acea7f5a3ca9.patch
>
> ---
>
> diff --git a/src/modules/tls/doc/params.xml b/src/modules/tls/doc/params.xml
> index 72d3278ed7..dc6494c2db 100644
> --- a/src/modules/tls/doc/params.xml
> +++ b/src/modules/tls/doc/params.xml
> @@ -1259,13 +1259,16 @@ end
>   	<itemizedlist>
>   		<listitem><para>krand - use internal kam_rand() function</para></listitem>
>   		<listitem><para>fastrand - use internal fastrand function</para></listitem>
> -		<listitem><para>cryptorand - use internal cryptorand function</para></listitem>
> +		<listitem><para>cryptorand - use internal cryptorand (fortuna) function</para></listitem>
>   	</itemizedlist>
> +	<para>
> +		Note: the krand and fastrand engines are not recommended for use on
> +		systems requiring strong security, as they may not generate numbers
> +		with enough randomness.
> +	</para>
>   	<para>
>   		The default value is empty (not set) for libssl v1.0.x or older, and
> -		"cryptorand" for libssl v1.1.x or newer. The krand and fastrand engines are
> -		not recommended for production use, as they will not generate secure enough
> -		random numbers.
> +		"cryptorand" for libssl v1.1.x or newer.
>   	</para>
>   	<example>
>   	    <title>Set <varname>rand_engine</varname> parameter</title>
>
>
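Review bot: The relocated note in the added <para> weakens the warning it replaces: "not recommended for production use, as they will not generate secure enough random numbers" becomes "not recommended for use on systems requiring strong security, as they may not generate numbers with enough randomness". This parameter selects the random engine for the tls module, so a reader can take "systems requiring strong security" to mean that krand and fastrand are acceptable for some TLS deployments. Consider keeping the definite wording ("will not") and stating plainly that only cryptorand is suitable for production use. The paragraph on defaults also says the value is empty for libssl v1.0.x or older without saying which random source is used in that case; one sentence on that would help.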
> _______________________________________________
> Kamailio (SER) - Development Mailing List
> sr-dev at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-dev

-- 
Kamailio Merchandising - https://skalatan.de/merchandising/
Kamailio services - https://skalatan.de/services
Henning Westerholt - https://skalatan.de/blog/


