Hi,
When I use your lib (code) in my project and perform a Veracode scan for
security testing, I find many flaws. One of the common flaws is "Insufficient
Entropy (CWE ID 331)".
This flaw comes in class: crypt.h on line no: 113 and 118.
Code is below:

    if (++calls == 1)
    {
        srand((unsigned)(time(NULL) ^ ZCR_SEED2));
    }
    init_keys(passwd, pkeys, pcrc_32_tab);
    for (n = 0; n < RAND_HEAD_LEN-2; n++)
    {
        c = (rand() >> 7) & 0xff;
        header[n] = (unsigned char)zencode(pkeys, pcrc_32_tab, c, t);
    }

Please update me if any resolution is available for these security flaws, or
let me know if any correction is required.
Thanks in advance.
Original issue reported on code.google.com by shivanig...@gmail.com on 7 Apr 2015 at 11:16
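
Added example (not part of the original report, and not the library's own code): the flagged srand(time)/rand() pattern shown beside a replacement byte source that reads the kernel CSPRNG. The names weak_fill, csprng_fill and HDR_RANDOM_BYTES are hypothetical, the seed is a constructed sample, and /dev/urandom assumes a POSIX system.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define HDR_RANDOM_BYTES 10 /* assumed: RAND_HEAD_LEN - 2 with RAND_HEAD_LEN == 12 */

/* Flagged pattern: every byte is a function of the seed alone. */
static void weak_fill(unsigned seed, unsigned char *out, size_t len)
{
    srand(seed);
    for (size_t n = 0; n < len; n++)
        out[n] = (unsigned char)((rand() >> 7) & 0xff);
}

/* Replacement source: kernel CSPRNG. Returns 0 on success, -1 on error. */
static int csprng_fill(unsigned char *out, size_t len)
{
    size_t got = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0)
        return -1;
    while (got < len) {
        ssize_t r = read(fd, out + got, len - got);
        if (r < 0 && errno == EINTR)
            continue;          /* interrupted by a signal, retry */
        if (r <= 0) {          /* hard error or unexpected EOF */
            close(fd);
            return -1;
        }
        got += (size_t)r;
    }
    close(fd);
    return 0;
}

int main(void)
{
    unsigned char a[HDR_RANDOM_BYTES], b[HDR_RANDOM_BYTES], c[HDR_RANDOM_BYTES];
    unsigned seed = 1428405360u; /* constructed time(NULL)-style value */
    weak_fill(seed, a, sizeof a);
    weak_fill(seed, b, sizeof b);
    printf("same seed repeats header bytes: %d\n", memcmp(a, b, sizeof a) == 0);
    if (csprng_fill(c, sizeof c) != 0)
        return 1; /* no entropy source: refuse to encrypt */
    return 0;
}
```

In the quoted loop, the value assigned to c would come from a buffer filled by csprng_fill instead of rand(), and a failure return should abort encryption rather than fall back to rand().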