cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH] NTLM: use a fake entropy for debug builds

From: Kamil Dudka <>
Date: Tue, 18 Mar 2014 13:53:01 +0100

On Monday, March 17, 2014 22:32:47 Daniel Stenberg wrote:
> Hi,
> I was reminded about the fixed string entropy we use in in the NTLM code for
> debug builds. I want debug-builds to still work if used against real world
> machines and this fixed string is then a security issue.
> I'm suggesting an approach like attached, that allows the test suite to set
> the random string to use for testing purposes but it will make curl work
> basically as usual outside of the test suite if used for real.
> Objections?

I like the approach. Then we need to make the test-suite actually set the
CURL_ENTROPY environment variable in order not to break those tests.

Should not we check for the presence of $CURL_ENTROPY also here?

List admin:
Received on 2014-03-18