Red Hat Bugzilla – Bug 978243
CVE-2013-2213 KDE KRandom::random() CWE-334: Small Space of Random Values
Last modified: 2015-07-31 03:08:03 EDT
Michael Samuel (firstname.lastname@example.org) reports:
KRandom::random() should not be considered a secure PRNG due to having a limited space of random values (32bits).
Created kdelibs tracking bugs for this issue
Affects: fedora-all [bug 978246]
Created kdelibs3 tracking bugs for this issue
Affects: fedora-all [bug 978247]
The KRandom::random() function is written using the glibc srand()/rand() functions.
39 int fd = KDE_open("/dev/urandom", O_RDONLY);
40 if (fd < 0 || ::read(fd, &seed, sizeof(seed)) != sizeof(seed))
42 // No /dev/urandom... try something else.
44 seed = rand()+time(0);
46 if (fd >= 0) close(fd);
49 return rand();
Krandom::random() tries to read the seed from /dev/urandom. If it is not able to open /dev/urandom, it uses a combination of the pid and system time to derive a seed (more predictable then /dev/urandom ofcourse). This seed is then used to derive random numbers via the glibc, rand() function.
Note: glibc's rand() function is based on Linear congruential generator and is not recommended to be used for cryptographic purposes which includes generation of random passwords/keys for desktop applications.
The same applies to other pseudo-random number generator functions like KRandom::random() which are based on glibc's rand().
Red Hat recommends use of the following functions for generating unpredictable and non-repeating values pseudo-random numbers.