bug-gnu-emacs
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random num


From: Eli Zaretskii
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Fri, 15 Jan 2016 11:55:11 +0200

> From: Richard Copley <rcopley@gmail.com>
> Date: Thu, 31 Dec 2015 19:49:42 +0000
> Cc: Demetrios Obenour <demetriobenour@gmail.com>, David Engster 
> <deng@randomsample.de>, 
>       22202@debbugs.gnu.org
> 
> >> That last patch would still improve matters. The user would have
> >> to be publishing the output of their PRNG to begin with in order
> >> for the attacker to analyse it and guess the seed. (I don't know
> >> how one could do that but that's no proof that it's impossible.)
> >
> >I don't even understand how that could be possible.
> 
> Me either, but that doesn't make it impossible. (There are articles
> on the web demonstrating such feats, if you're interested.)
> 
> >> What Demetri has just described is what I would do.
> >
> >Now I'm confused: do what?
> 
> As I understand it: Provide a function callable from lisp that returns
> a cryptographically secure sequence of random bytes, of a specified
> length. Use that function to generate the server secret.

That'd be an enhancement, not a bug.  Patches to provide such an API
are welcome, now that the infrastructure exists both on Posix hosts
and on MS-Windows (see below), the rest should be easy: one just needs
to follow the established APIs in other Lisp-like environments, I
think.

> >We still need to support 'random' with an
> >argument, so we cannot get rid of seeding a PRNG with a known value.
> >And I didn't want to remove srandom.
> 
> Given the above, we could leave "random", etc., as they are, or we
> could use a better PRNG and/or seed with system entropy. It would
> no longer be tied up with this issue report.

I preferred to make it possible to pass a cryptographically secure
byte stream to 'srandom' instead.  See commit 3ffe81e on the emacs-25
branch.  This leaves the basic 'random' functionality intact, so no
Lisp packages should be affected.

I'm therefore marking this bug as done.  Thanks for the feedback.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]