Bug: C challenge-response uses rand()/srand() — predictable nonce
Severity: High (Security)
File: src/anti_spoof/challenge_response.c, generate_challenge() (line 300) and main() (line 519)
Description:
The C implementation uses rand() seeded with srand(time(NULL) ^ read_timebase()) to generate challenge nonces. Both rand() (Mersenne Twister/LCG) and the seed are predictable:
- Line 300:
c.nonce[i] = (unsigned char)(rand() ^ (c.timestamp >> (i % 8))); — XOR with known timestamp doesn't help if rand() output is predictable
- Line 519:
srand((unsigned int)time(NULL) ^ (unsigned int)read_timebase()) — seed is guessable
Impact:
Expected Fix:
Use getrandom() (Linux) or SecRandomCopyBytes() (macOS) for nonce generation. On PowerPC, use the timebase register directly as the entropy source.
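The following is an added example (not code from the project's src/anti_spoof/challenge_response.c) that puts the reported line-300 nonce logic next to a version built on the fix this report asks for: getrandom() on Linux, SecRandomCopyBytes() on macOS, with a /dev/urandom read as the fallback elsewhere. The struct challenge layout, NONCE_LEN, and the helper names are assumptions made for the example; the report only shows c.nonce and c.timestamp. On macOS the block must be linked with -framework Security.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>

#if defined(__APPLE__)
#include <Security/SecRandom.h>   /* SecRandomCopyBytes(); link with -framework Security */
#elif defined(__linux__)
#include <sys/random.h>           /* getrandom(), glibc >= 2.25 */
#endif

#define NONCE_LEN 16              /* assumed nonce size; the report does not state one */

/* Assumed layout; the report only references c.nonce and c.timestamp. */
struct challenge {
    uint64_t      timestamp;
    unsigned char nonce[NONCE_LEN];
};

/* The vulnerable pattern from the report (line 300 / line 519), kept only for comparison.
 * seed stands in for time(NULL) ^ read_timebase(): anyone who can guess it reproduces the nonce. */
void generate_challenge_predictable(struct challenge *c, unsigned int seed, uint64_t timestamp) {
    srand(seed);
    c->timestamp = timestamp;
    for (size_t i = 0; i < NONCE_LEN; i++)
        c->nonce[i] = (unsigned char)(rand() ^ (c->timestamp >> (i % 8)));
}

/* Fill buf with len bytes from the OS CSPRNG. Returns 0 on success, -1 on failure. */
int fill_random(unsigned char *buf, size_t len) {
#if defined(__APPLE__)
    return SecRandomCopyBytes(kSecRandomDefault, len, buf) == errSecSuccess ? 0 : -1;
#elif defined(__linux__)
    size_t got = 0;
    while (got < len) {
        ssize_t n = getrandom(buf + got, len - got, 0);
        if (n < 0) {
            if (errno == EINTR) continue;   /* interrupted by a signal: retry */
            return -1;                      /* old kernel / no entropy: refuse, do not fall back to rand() */
        }
        got += (size_t)n;
    }
    return 0;
#else
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t n = fread(buf, 1, len, f);
    fclose(f);
    return n == len ? 0 : -1;
#endif
}

/* Hardened generate_challenge(): the nonce comes entirely from the CSPRNG.
 * The timestamp stays as a freshness field but is no longer XORed into the nonce,
 * since mixing in a value the peer already knows adds no unpredictability. */
int generate_challenge(struct challenge *c) {
    memset(c, 0, sizeof *c);
    c->timestamp = (uint64_t)time(NULL);
    return fill_random(c->nonce, sizeof c->nonce);
}

/* 1 if two hardened challenges were issued successfully and their nonces differ
 * and are non-zero (a silently failed RNG call would leave the zeroed buffer). */
int check_hardened_nonces_differ(void) {
    struct challenge a, b;
    unsigned char acc = 0;
    if (generate_challenge(&a) != 0 || generate_challenge(&b) != 0) return 0;
    for (size_t i = 0; i < NONCE_LEN; i++) acc |= a.nonce[i];
    return acc != 0 && memcmp(a.nonce, b.nonce, NONCE_LEN) != 0;
}

/* 1 if the reported pattern yields the same nonce twice for the same guessed seed: the bug. */
int check_predictable_repeats(void) {
    struct challenge p, q;
    generate_challenge_predictable(&p, 12345u, 1700000000u);   /* constructed sample values */
    generate_challenge_predictable(&q, 12345u, 1700000000u);
    return memcmp(p.nonce, q.nonce, NONCE_LEN) == 0;
}

int main(void) {
    struct challenge c;
    if (generate_challenge(&c) != 0) {
        fprintf(stderr, "CSPRNG unavailable; refusing to issue a challenge\n");
        return 1;
    }
    printf("nonce: ");
    for (size_t i = 0; i < NONCE_LEN; i++) printf("%02x", c.nonce[i]);
    printf("\npredictable pattern repeats for a fixed seed: %s\n",
           check_predictable_repeats() ? "yes" : "no");
    return 0;
}
```

The hardened path fails closed: if the CSPRNG call errors, generate_challenge() returns -1 and the caller refuses to issue a challenge rather than degrading to rand(). That failure check is the part most often skipped when getrandom() is dropped in as a replacement.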