SEARCH RESULTS
 
Showing 1-5 of 5 records

Banning function calls, assurance, and retrofitting

2008-03-18 19:48:00 by Security Retentive in Security Retentive
 
...rand I don't technically have a problem with including rand() in the list of things to be extremely careful about, but whereas it is nearly impossible to guarantee that someone has used strcpy() right, rand() actually has some pretty legitimate uses Consider the case where we want to do a randomized delay in processing something, or where...
 
 
 
 
 

Improve Security with "A Layer of Hurt"

2008-07-31 19:13:00 by sdl in The Security Development Lifecycle
 
...rand() % 100) > 5) return; // fuzz about 5% of Buffers size t cLoop = 1 + (rand() % 4 for (size t j = 0; j size t i=0 iLow = rand() % *pcbBuf iHigh = 1+rand() % *pcbBuf iIter = 1+rand() % 8 if (iLow > iHigh size t t=iHigh; iHigh=iLow; iLow=t char ch=0 switch(rand() % 9 case 0 : // reset upper bits for (i=iLow; i case 1 : // set upper bits...
 
 
 
 
 

Got Entropy ?

2008-04-02 02:55:47 by Erik T. Heidt in Art of Information Security
 
...random number generators (RNGs FYI, for the impatient, click here There are two ways to generate random numbers on computers: (1) use a software program called a Pseudorandom Number Generator (PRNG) or (2) use a hardware random number generator. A Pseudorandom Number Generator uses a seed value to generate a sequence of numbers that appear...
 
 
 
 
 

Random Number Bug in Debian Linux

2008-05-19 06:07:59 by schneier in Schneier on Security
 
...rand.c MD Update(&m,buf,j); [ .. ] MD Update(&m,buf,j); /* purify complains These lines were removed because they caused the Valgrind and Purify tools to produce warnings about the use of uninitialized data in any code that was linked to OpenSSL. You can see one such report to the OpenSSL team here . Removing this code has the side effect of...
 
 
 
 
 

True Randomness

2008-05-21 16:36:10 by Editor in Cheap Hack
 
...randomness of the PHP rand() function. He compared it to the results from random.org , which uses atmospheric noise as a random seed. The result is a visually clear example of randomness and not-so-randomness. Read the blog, you'll see what I mean. Allen's test makes me think that someone (no, I don't have the time) should do the same with...
 
 
 
 
 
 
SecurityRatty FAQ
Sergey Zarubin, 31yo
CISSP, CCSP
Moscow, Russia