bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num
From: Eli Zaretskii
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Thu, 31 Dec 2015 20:22:58 +0200

> From: Richard Copley <rcopley@gmail.com>
> Date: Thu, 31 Dec 2015 17:47:18 +0000
> Cc: Demetrios Obenour <demetriobenour@gmail.com>, David Engster
> <deng@randomsample.de>,
> 22202@debbugs.gnu.org
>
> That last patch would still improve matters. The user would have
> to be publishing the output of their PRNG to begin with in order
> for the attacker to analyse it and guess the seed. (I don't know
> how one could do that but that's no proof that it's impossible.)

I don't even understand how that could be possible.

> What Demetri has just described is what I would do.

Now I'm confused: do what? We still need to support 'random' with an
argument, so we cannot get rid of seeding a PRNG with a known value.
And I didn't want to remove srandom.

> + if (w32_crypto_hprov)
> + w32_init_crypt_random ();
>
> should be
>
> + if (! w32_crypto_hprov)
> + w32_init_crypt_random ();
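
Review bot: with the corrected test in place, nothing in the two lines shown checks whether w32_init_crypt_random () actually succeeded. The code that follows should test w32_crypto_hprov again before using it and report failure to the caller when it is still unset, so a failed initialization cannot pass unnoticed.
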
Ah, that's a left-over from debugging. Thanks.
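
The guard discussed in this message, as an added example that is not Emacs source and not part of the original post: a `FILE *` on `/dev/urandom` stands in for the Windows provider handle `w32_crypto_hprov`, and `init_os_rng`, `fill_secret` and `seeded_next` are hypothetical names. It shows the inverted test leaving the OS source uninitialized, the corrected test initializing it once, and the explicitly seeded stream kept apart from secret generation.

```c
/* Added example, not Emacs source.  Assumption: a FILE * on /dev/urandom
   stands in for the Windows crypto provider handle named on the page.  */
#include <stdio.h>
#include <string.h>

static FILE *os_rng;     /* hypothetical stand-in for w32_crypto_hprov */
static int init_calls;   /* counts initializations so the guard can be observed */

static void
init_os_rng (void)
{
  init_calls++;
  os_rng = fopen ("/dev/urandom", "rb");
  if (os_rng)
    setvbuf (os_rng, NULL, _IONBF, 0);  /* keep no spare random bytes in stdio */
}

/* Fill BUF with LEN bytes from the OS source; 0 on success, -1 on failure.
   INVERTED_GUARD != 0 reproduces the debugging left-over from the thread.  */
static int
fill_secret (unsigned char *buf, size_t len, int inverted_guard)
{
  if (inverted_guard ? os_rng != NULL : os_rng == NULL)
    init_os_rng ();
  if (os_rng == NULL)    /* init never ran or failed: report it, no fallback */
    return -1;
  return fread (buf, 1, len, os_rng) == len ? 0 : -1;
}

/* Reproducible stream for callers that pass an explicit seed; not for secrets.  */
static unsigned
seeded_next (unsigned *state)
{
  *state = *state * 1103515245u + 12345u;
  return (*state >> 16) & 0x7fff;
}

int
main (void)
{
  unsigned char k1[32], k2[32];
  unsigned a = 42, b = 42;
  printf ("inverted guard:  %d\n", fill_secret (k1, sizeof k1, 1));
  printf ("corrected guard: %d\n", fill_secret (k1, sizeof k1, 0));
  fill_secret (k2, sizeof k2, 0);
  printf ("keys differ: %d\n", memcmp (k1, k2, sizeof k1) != 0);
  printf ("same seed, same value: %d\n", seeded_next (&a) == seeded_next (&b));
  return 0;
}
```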