From: Eli Zaretskii <eliz@gnu.org>
To: Richard Copley <rcopley@gmail.com>
Cc: demetriobenour@gmail.com, deng@randomsample.de,
22202-done@debbugs.gnu.org
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Fri, 15 Jan 2016 11:55:11 +0200 [thread overview]
Message-ID: <83r3hjf9q8.fsf@gnu.org> (raw)
In-Reply-To: <CAPM58ogzBhE=ZrLMcx9yjdZi8QU32c_1fMxQmy+kPfex0SP75Q@mail.gmail.com> (message from Richard Copley on Thu, 31 Dec 2015 19:49:42 +0000)
> From: Richard Copley <rcopley@gmail.com>
> Date: Thu, 31 Dec 2015 19:49:42 +0000
> Cc: Demetrios Obenour <demetriobenour@gmail.com>, David Engster <deng@randomsample.de>,
> 22202@debbugs.gnu.org
>
> >> That last patch would still improve matters. The user would have
> >> to be publishing the output of their PRNG to begin with in order
> >> for the attacker to analyse it and guess the seed. (I don't know
> >> how one could do that but that's no proof that it's impossible.)
> >
> >I don't even understand how that could be possible.
>
> Me either, but that doesn't make it impossible. (There are articles
> on the web demonstrating such feats, if you're interested.)
>
> >> What Demetri has just described is what I would do.
> >
> >Now I'm confused: do what?
>
> As I understand it: Provide a function callable from lisp that returns
> a cryptographically secure sequence of random bytes, of a specified
> length. Use that function to generate the server secret.
That'd be an enhancement, not a bug. Patches to provide such an API
are welcome, now that the infrastructure exists both on Posix hosts
and on MS-Windows (see below), the rest should be easy: one just needs
to follow the established APIs in other Lisp-like environments, I
think.
> >We still need to support 'random' with an
> >argument, so we cannot get rid of seeding a PRNG with a known value.
> >And I didn't want to remove srandom.
>
> Given the above, we could leave "random", etc., as they are, or we
> could use a better PRNG and/or seed with system entropy. It would
> no longer be tied up with this issue report.
I preferred to make it possible to pass a cryptographically secure
byte stream to 'srandom' instead. See commit 3ffe81e on the emacs-25
branch. This leaves the basic 'random' functionality intact, so no
Lisp packages should be affected.
I'm therefore marking this bug as done. Thanks for the feedback.
next prev parent reply other threads:[~2016-01-15 9:55 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-18 10:05 bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems Demetri Obenour
2015-12-18 10:46 ` Eli Zaretskii
2015-12-29 15:36 ` Richard Copley
2015-12-29 16:21 ` Eli Zaretskii
2015-12-29 17:44 ` Richard Copley
2015-12-29 20:00 ` David Engster
2015-12-29 21:22 ` Richard Copley
2015-12-29 22:02 ` David Engster
2015-12-29 23:13 ` Richard Copley
2015-12-30 15:58 ` Eli Zaretskii
2015-12-30 20:47 ` Richard Copley
2015-12-30 20:56 ` Richard Copley
2015-12-30 20:56 ` Eli Zaretskii
2015-12-30 21:15 ` Richard Copley
2015-12-31 14:14 ` Eli Zaretskii
2015-12-31 17:04 ` Demetrios Obenour
2015-12-31 17:24 ` Eli Zaretskii
2015-12-31 17:47 ` Richard Copley
2015-12-31 18:22 ` Eli Zaretskii
2015-12-31 19:20 ` Eli Zaretskii
2015-12-31 19:49 ` Richard Copley
2015-12-31 20:13 ` Eli Zaretskii
2015-12-31 20:44 ` Richard Copley
2016-01-15 9:55 ` Eli Zaretskii [this message]
2016-01-17 20:26 ` Paul Eggert
2016-01-18 1:42 ` Paul Eggert
2016-01-18 14:40 ` Richard Copley
2016-01-18 16:05 ` Eli Zaretskii
2016-01-18 16:20 ` Richard Copley
2016-01-18 15:45 ` Eli Zaretskii
2016-01-18 20:50 ` Paul Eggert
2016-01-18 21:09 ` Eli Zaretskii
2016-01-19 5:34 ` Paul Eggert
2016-01-19 16:24 ` Eli Zaretskii
2016-01-19 17:03 ` John Wiegley
2016-01-19 17:38 ` Paul Eggert
2016-01-19 18:44 ` Eli Zaretskii
2016-01-19 17:07 ` Paul Eggert
2016-01-19 18:16 ` Eli Zaretskii
2016-01-20 0:39 ` Paul Eggert
2016-01-18 12:04 ` Andy Moreton
2016-01-18 15:57 ` Eli Zaretskii
2016-01-18 23:03 ` John Wiegley
2016-01-19 21:48 ` Andy Moreton
2016-01-20 3:31 ` Glenn Morris
2016-01-20 14:06 ` Andy Moreton
2016-01-20 14:12 ` Eli Zaretskii
2016-01-20 15:15 ` Andy Moreton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=83r3hjf9q8.fsf@gnu.org \
--to=eliz@gnu.org \
--cc=22202-done@debbugs.gnu.org \
--cc=demetriobenour@gmail.com \
--cc=deng@randomsample.de \
--cc=rcopley@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).