GNU bug report logs - #22202
24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems

Previous Next

Full log

View this message in rfc822 format

From: Eli Zaretskii <eliz <at> gnu.org>
To: Richard Copley <rcopley <at> gmail.com>
Cc: 22202 <at> debbugs.gnu.org, demetriobenour <at> gmail.com, deng <at> randomsample.de
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Thu, 31 Dec 2015 20:22:58 +0200

> From: Richard Copley <rcopley <at> gmail.com>
> Date: Thu, 31 Dec 2015 17:47:18 +0000
> Cc: Demetrios Obenour <demetriobenour <at> gmail.com>, David Engster <deng <at> randomsample.de>, 
> 	22202 <at> debbugs.gnu.org
> 
> That last patch would still improve matters. The user would have
> to be publishing the output of their PRNG to begin with in order
> for the attacker to analyse it and guess the seed. (I don't know
> how one could do that but that's no proof that it's impossible.)

I don't even understand how that could be possible.

> What Demetri has just described is what I would do.

Now I'm confused: do what?  We still need to support 'random' with an
argument, so we cannot get rid of seeding a PRNG with a known value.
And I didn't want to remove srandom.

> +  if (w32_crypto_hprov)
> +    w32_init_crypt_random ();
> 
> should be
> 
> +  if (! w32_crypto_hprov)
> +    w32_init_crypt_random ();

Ah, that's a left-over from debugging.  Thanks.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.