Michael Samuel (mik) reports: KRandom::random() should not be considered a secure PRNG due to having a limited space of random values (32bits). Reference: http://openwall.com/lists/oss-security/2013/06/26/1 http://openwall.com/lists/oss-security/2013/06/26/2
Created kdelibs tracking bugs for this issue Affects: fedora-all [bug 978246]
Created kdelibs3 tracking bugs for this issue Affects: fedora-all [bug 978247]
The KRandom::random() function is written using the glibc srand()/rand() functions. kdecore/util/krandom.cpp: 39 int fd = KDE_open("/dev/urandom", O_RDONLY); 40 if (fd < 0 || ::read(fd, &seed, sizeof(seed)) != sizeof(seed)) 41 { 42 // No /dev/urandom... try something else. 43 srand(getpid()); 44 seed = rand()+time(0); 45 } 46 if (fd >= 0) close(fd); 47 srand(seed); 48 } 49 return rand(); Krandom::random() tries to read the seed from /dev/urandom. If it is not able to open /dev/urandom, it uses a combination of the pid and system time to derive a seed (more predictable then /dev/urandom ofcourse). This seed is then used to derive random numbers via the glibc, rand() function. Note: glibc's rand() function is based on Linear congruential generator and is not recommended to be used for cryptographic purposes which includes generation of random passwords/keys for desktop applications. The same applies to other pseudo-random number generator functions like KRandom::random() which are based on glibc's rand(). Red Hat recommends use of the following functions for generating unpredictable and non-repeating values pseudo-random numbers. http://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/ch10s02.html