GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

Previous Next

Package: emacs;

Reported by: Demetri Obenour <demetriobenour <at> gmail.com>

Date: Fri, 18 Dec 2015 10:09:01 UTC

Severity: normal

Tags: security

Found in version 24.5

Done: Eli Zaretskii <eliz <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Demetrios Obenour <demetriobenour <at> gmail.com>
Cc: rcopley <at> gmail.com, 22202 <at> debbugs.gnu.org, deng <at> randomsample.de
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Thu, 31 Dec 2015 21:20:08 +0200

> From: Demetrios Obenour <demetriobenour <at> gmail.com>
> Cc: David Engster <deng <at> randomsample.de>, 22202 <at> debbugs.gnu.org
> Date: Thu, 31 Dec 2015 12:04:38 -0500
> 
> It would also be nice to expose a CSPRNG to Lisp on all platforms.  I
> know that SLIME could use it on Windows, and it would be nice if one
> could have a just-do-it API for this purpose.  Speed does not matter
> much here.

Btw, for the record: my speed measurements were wrong: it turned out I
compared an optimized build with an unoptimized one.  When compared
correctly, there's no perceptible performance difference between using
CRT's 'rand' and using the Windows Crypto API to generate random
numbers.

This bug report was last modified 9 years and 178 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #22202 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems