bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num


From: Eli Zaretskii
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Wed, 30 Dec 2015 22:56:29 +0200

> Date: Wed, 30 Dec 2015 20:47:40 +0000
> From: Richard Copley <address@hidden>
> Cc: David Engster <address@hidden>, address@hidden, 
>       Demetri Obenour <address@hidden>
> 
> Re performance: using CryptGenRandom to provide a seed for srand
> is enough to address Demetri's concern. For performance reasons,
> as you said, implementing random() with CryptGenRandom is
> potentially bad. I think random() itself should not be changed.

That'd be the worst of both worlds, IMO: a not-so-good PRNG with no
way whatsoever to get a repeatable sequence.  Am I right?





reply via email to

[Prev in Thread] Current Thread [Next in Thread]