Hi,
When I use your lib (code) in my project and perform a Veracode scan for
security testing, many flaws are found. One of the common flaws is "Insufficient
Entropy (CWE ID 331)".
This flaw comes in class: crypt.h on line no: 113 and 118.
Code is below:
```c
if (++calls == 1)
{
    srand((unsigned)(time(NULL) ^ ZCR_SEED2));
}
init_keys(passwd, pkeys, pcrc_32_tab);
for (n = 0; n < RAND_HEAD_LEN-2; n++)
{
    c = (rand() >> 7) & 0xff;
    header[n] = (unsigned char)zencode(pkeys, pcrc_32_tab, c, t);
}
```
Please update me if any resolution is available for the security flaws, or advise
me if any correction is required.
Thanks in advance.
Original issue reported on code.google.com by [email protected] on 7 Apr 2015 at 11:16
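Added example, not part of the original issue or the library's code: the flagged `srand(time)`/`rand()` pattern beside a fill that takes the header bytes from the kernel CSPRNG. `weak_fill`, `csprng_fill`, `HEAD_BYTES` and `SEED_PLACEHOLDER` are hypothetical names; the placeholder stands in for `ZCR_SEED2`, whose value the issue does not show, and `/dev/urandom` assumes a POSIX system.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#define HEAD_BYTES 10             /* assumed: RAND_HEAD_LEN-2 for a 12-byte header */
#define SEED_PLACEHOLDER 0x1234u  /* placeholder for ZCR_SEED2, value not on the page */

/* Flagged pattern: output depends only on the clock value used as the seed. */
void weak_fill(unsigned char *out, size_t len, time_t now)
{
    srand((unsigned)(now ^ SEED_PLACEHOLDER));
    for (size_t n = 0; n < len; n++)
        out[n] = (unsigned char)((rand() >> 7) & 0xff);
}

/* Replacement: read from the kernel CSPRNG. Returns 0 on success, -1 on failure. */
int csprng_fill(unsigned char *out, size_t len)
{
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    size_t got = 0;
    while (got < len) {
        ssize_t r = read(fd, out + got, len - got);
        if (r < 0 && errno == EINTR)
            continue;               /* interrupted, retry */
        if (r <= 0) {               /* error or unexpected EOF */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char a[HEAD_BYTES], b[HEAD_BYTES];
    time_t now = time(NULL);
    weak_fill(a, sizeof a, now);
    weak_fill(b, sizeof b, now);    /* same second, same seed */
    printf("weak fills identical: %d\n", memcmp(a, b, sizeof a) == 0);
    return csprng_fill(a, sizeof a) == 0 ? 0 : 1;
}
```

Where available, `getrandom(2)` or `arc4random_buf(3)` gives the same source without opening a file descriptor.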