Weak RNG for crypto challenge value — rand() seeded with time(NULL)
Summary
Two related weaknesses exist in the random number generation path:
1. Predictable seed — srand(time(NULL)) (BUG_003)
File: srchybrid/Emule.cpp:304
srand((unsigned)time(NULL));
The seed is predictable to within ~1 second. Any observer who knows the
approximate startup time can determine all subsequent rand() output.
A fix was attempted (commit 71e298d) and intentionally reverted (commit e9e0be6)
because all crypto-sensitive operations already use AutoSeededRandomPool from
Crypto++. The remaining rand() usage is non-crypto timing jitter only.
Current status: Accepted risk for this branch. Tracked here for audit completeness.
2. rand() for crypto challenge value (BUG_002)
File: srchybrid/BaseClient.cpp:2004-2005
uint32 dwRandom = rand() + 1;
m_dwCryptRndChallengeFor = dwRandom;
m_dwCryptRndChallengeFor is used in the client authentication challenge.
Because that rand() stream is seeded from time(NULL), the challenge's effective
entropy collapses to the ~1 second of seed uncertainty: an observer who knows the
approximate startup time can enumerate the candidate values.
The codebase already has GetRandomUInt32() backed by AutoSeededRandomPool —
this function should be used here instead.
Current status: Rejected for this branch. The correct fix would be straightforward:
replace rand() + 1 with GetRandomUInt32().
Product Decision
2026-05-01: Marked Wont-Fix for the broadband release by product decision. The remaining risk is accepted for this branch; crypto-sensitive paths mostly use Crypto++ RNG already, and this item should not be scheduled unless that release decision is explicitly reversed.
Correct Fix If Reopened
// BaseClient.cpp:2004
uint32 dwRandom = GetRandomUInt32(); // uses AutoSeededRandomPool
if (dwRandom == 0) dwRandom = 1; // preserve the +1 intent
m_dwCryptRndChallengeFor = dwRandom;
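As an added example (not eMule's code and not part of this report), the following C++ places a stand-in for the weak challenge construction of section 2 beside a hardened stand-in for the fix above, together with a regression check that makes the "~1 second of search space" statement concrete: if a challenge can be reproduced from a small window of candidate startup times, the generator is unfit for authentication. std::random_device is assumed as a placeholder for Crypto++'s AutoSeededRandomPool / GetRandomUInt32(), which this example does not link against; the startup time and window are constructed values.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdlib>
#include <random>

// Constructed stand-in for the assignment at BaseClient.cpp:2004-2005 (BUG_002).
// The seed parameter plays the role of the time(NULL) value handed to srand()
// at startup (Emule.cpp:304, BUG_003).
uint32_t weak_challenge(unsigned startup_seed) {
    srand(startup_seed);
    // On MSVC rand() yields at most 15 bits (RAND_MAX == 0x7fff), so the value
    // is small even before the predictable seed is taken into account.
    return static_cast<uint32_t>(rand()) + 1;
}

// Defender-side regression check: given an observed challenge and a window of
// candidate startup times, return the first seed that reproduces it, or 0 if
// none does. A generator for which this returns non-zero is reproducible from a
// small time window and must not be used for an authentication challenge.
unsigned reproduce_from_window(uint32_t observed, unsigned window_start, unsigned window_len) {
    for (unsigned s = window_start; s < window_start + window_len; ++s) {
        if (weak_challenge(s) == observed) return s;
    }
    return 0;
}

// Hardened stand-in for GetRandomUInt32(): std::random_device is an assumed
// placeholder for Crypto++'s AutoSeededRandomPool. The zero check mirrors the
// "preserve the +1 intent" line of the proposed fix.
uint32_t strong_challenge() {
    static std::random_device rd;  // non-deterministic source; no seed to guess
    uint32_t v = static_cast<uint32_t>(rd());
    if (v == 0) v = 1;
    return v;
}

int main() {
    const unsigned start = 1700000000u;  // constructed "startup time"
    uint32_t observed = weak_challenge(start);
    // An observer who only knows startup happened within a 3-second window
    // needs at most three trials to land on a reproducing seed.
    unsigned found = reproduce_from_window(observed, start - 1, 3);
    assert(found != 0 && weak_challenge(found) == observed);
    // The hardened generator has no seed to search for and never yields 0.
    assert(strong_challenge() != 0);
    return 0;
}
```

The check is deliberately written against the stand-in rather than the real code so it can run without the eMule build; in the real tree the same assertion would be made against whatever function fills m_dwCryptRndChallengeFor, and it should fail to find a reproducing seed once GetRandomUInt32() is in place.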
Files
srchybrid/Emule.cpp:304
srchybrid/BaseClient.cpp:2004-2005