bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num

From:	Richard Copley
Subject:	bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date:	Thu, 31 Dec 2015 17:47:18 +0000

That last patch would still improve matters. The user would have
to be publishing the output of their PRNG to begin with in order
for the attacker to analyse it and guess the seed. (I don't know
how one could do that but that's no proof that it's impossible.)

What Demetri has just described is what I would do. (Sorry
again that I can't assist with a patch.)

+  if (w32_crypto_hprov)
+    w32_init_crypt_random ();

should be

+  if (! w32_crypto_hprov)
+    w32_init_crypt_random ();

[Prev in Thread]

Current Thread

[Next in Thread]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/01
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/01
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/01
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/01
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/15
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley <=
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/01
- bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Paul Eggert, 2016/01/17
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Paul Eggert, 2016/01/17
    - Message not available
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Andy Moreton, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, John Wiegley, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/18
    - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Richard Copley, 2016/01/18
  - bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems, Eli Zaretskii, 2016/01/18

Prev by Date: bug#22250: 25.0.50; Eww fails to break RTL paragraph
Next by Date: bug#22272: Close 22272
Previous by thread: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Next by thread: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Index(es):
- Date
- Thread