SYSKEY2 code, and new random data source

Pete Chown Pete.Chown at skygate.co.uk
Mon Feb 21 10:09:16 GMT 2000


Jeremy Allison wrote:

> This is incorrect. md4_buf [in the RNG] is not zeros - it is filled with
> data from various sources in the function do_reseed().
> 
> Can you look at the source more carefully and report if you
> still think there's a problem, please?

That's the worst of trying to understand code without doing anything
to test your understanding!  Yes, you are quite right.  Let me have
another go -- shoot me down if I have misunderstood again.

Suppose we have captured a block of random data.  Now consider the
loop at the end of genrand.c, at the point where block zero has just
been written out.

At this point md4_buf is equal to block zero exclusive-ored with
something derived from the system random number generator.  To
calculate block one, we calculate md4(md4_buf) and exclusive-or in
more output from the random number generator.

Don't we have a problem with lack of entropy in the system random
number generator here (rather than in the other place)?  To go from
block zero to block one, we just try all possible seeds for the RNG.
When we get the right seed, the same pseudo-random stream cancels out
the difference between md4_buf and block zero, and adds the difference
between md4(md4_buf) and block one.

Let me know what you think...

----------------------------------------------------------------------
      phone +44 (0) 20 8542 7856, fax +44 (0) 20 8543 0176, post:
  Skygate Technology Ltd, 8 Lombard Road, Wimbledon, London, SW19 3TZ
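
Added example, not part of the original message and not Samba's genrand.c: a toy model of the argument above, showing that when the system RNG seed has few bits, two consecutive output blocks pin down the seed and every later block, however random md4_buf was. Assumptions: truncated SHA-256 stands in for MD4, Python's random.Random stands in for the system RNG, and the 16-bit seed space and all function names are illustrative.

```python
import hashlib, os, random

BLOCK = 16       # MD4 digest size in bytes
SEED_BITS = 16   # assumed entropy of the system RNG seed (toy value)

def h(buf):
    # Stand-in for md4(): truncated SHA-256 (hashlib often lacks MD4).
    return hashlib.sha256(buf).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pad(rng):
    # One block of output from the stand-in system RNG.
    return rng.getrandbits(8 * BLOCK).to_bytes(BLOCK, "big")

def generate(md4_buf, seed, nblocks):
    """Toy generator: block i = md4^i(md4_buf) XOR (i-th RNG output)."""
    rng = random.Random(seed)
    out = []
    for _ in range(nblocks):
        out.append(xor(md4_buf, pad(rng)))
        md4_buf = h(md4_buf)
    return out

def consistent_seeds(block0, block1):
    """Seeds for which block0 -> block1 is explained by one RNG stream."""
    hits = []
    for seed in range(1 << SEED_BITS):
        rng = random.Random(seed)
        r0, r1 = pad(rng), pad(rng)
        # r0 cancels the difference between md4_buf and block zero,
        # r1 adds the difference between md4(md4_buf) and block one.
        if xor(h(xor(block0, r0)), r1) == block1:
            hits.append(seed)
    return hits

def predict(block0, seed, nblocks):
    """Rebuild md4_buf from block0 and the seed, then replay the generator."""
    r0 = pad(random.Random(seed))
    return generate(xor(block0, r0), seed, nblocks)

if __name__ == "__main__":
    state = os.urandom(BLOCK)            # constructed: fully random md4_buf
    blocks = generate(state, 0x2A17, 4)  # constructed seed
    seeds = consistent_seeds(blocks[0], blocks[1])
    print("candidate seeds:", [hex(s) for s in seeds])
    print("later blocks predicted:", predict(blocks[0], seeds[0], 4) == blocks)
```

The search cost is 2^SEED_BITS hash evaluations regardless of how much entropy went into md4_buf, so in this model the generator is only as strong as the seed of the RNG that is XORed in.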

