bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

From:	Richard Copley
Subject:	bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date:	Wed, 30 Dec 2015 20:56:03 +0000

Ah, I forgot to mention one other thing that had occurred to me.
It might not be a good idea to pass the current time to CryptGenRandom
for the optional initial seed. The current time (in various forms) is
already used as seed entropy by the system, and it's conceivable
(though implausible) that we could be destroying entropy by doing
this. It's probably better (and "acceptable" according to the
documentation) not to pass any seed at all.

[Prev in Thread]

Current Thread

[Next in Thread]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, (continued)

Prev by Date: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Next by Date: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Previous by thread: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Next by thread: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Index(es):
- Date
- Thread