[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

From: Richard Copley
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Wed, 30 Dec 2015 20:47:40 +0000

> Can you audit the patch below?  I know next to nothing about
> cryptography, and I'm not sure I understood all the flags involved in
> these APIs.

Sure! But please bear in mind I'm not experienced in crypto

With regard to API usage: The call to CryptAcquireContext looks good
to me. (The comment about interoperability in the documentation for
the parameter "pszProvider" does not apply as we are not inter-
operating with anything. Setting "pszContainer" to NULL, as you have
done, is explicitly recommended. The docs for the individual flags
entail the very value of "dwFlags" that you use.) I can see nothing
else to comment on.

Re performance: using CryptGenRandom to provide a seed for srand
is enough to address Demetri's concern. For performance reasons,
as you said, implementing random() with CryptGenRandom is
potentially bad. I think random() itself should not be changed.

That said, rand() makes me uncomfortable (mostly because of bugs in
long-gone implementations, and superstition). Given the chance I would
replace it with an xorshift* generator. The generator at [1] seeded
with 64 bits from CryptGenRandom should give good performance for
random() and (I guess!) an effectively unassailable server secret.

But I have no good reason to claim that rand() is not good enough.

Thank you Eli.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]