From: Richard Copley
Newsgroups: gmane.emacs.bugs
Subject: bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems
Date: Thu, 31 Dec 2015 19:49:42 +0000
To: Eli Zaretskii
Cc: 22202@debbugs.gnu.org, Demetrios Obenour, David Engster
In-Reply-To: <834meybf2v.fsf@gnu.org>

>> That last patch would still improve matters. The user would have
>> to be publishing the output of their PRNG to begin with in order
>> for the attacker to analyse it and guess the seed. (I don't know
>> how one could do that but that's no proof that it's impossible.)
>
>I don't even understand how that could be possible.

Me either, but that doesn't make it impossible. (There are articles
on the web demonstrating such feats, if you're interested.)

>> What Demetri has just described is what I would do.
>
>Now I'm confused: do what?

As I understand it:
Provide a function callable from lisp that returns a
cryptographically secure sequence of random bytes, of a specified
length. Use that function to generate the server secret.

>We still need to support 'random' with an
>argument, so we cannot get rid of seeding a PRNG with a known value.
>And I didn't want to remove srandom.

Given the above, we could leave "random", etc., as they are, or
we could use a better PRNG and/or seed with system entropy.
It would no longer be tied up with this issue report.
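
The proposal in the message above, sketched in C as an added example (not code from Emacs or from anyone in this thread): a secret drawn from a seeded PRNG is fully determined by the seed, while one drawn from the OS CSPRNG is not. The function names, the 64-character printable-ASCII secret format and the seed value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#include <bcrypt.h> /* link with bcrypt.lib */
#endif
#define SECRET_LEN 64 /* assumed format: 64 printable ASCII chars, '!'..'~' */
/* Fill buf with len bytes from the OS CSPRNG; 0 on success, -1 on failure. */
int secure_random_bytes(unsigned char *buf, size_t len)
{
#ifdef _WIN32
    return BCryptGenRandom(NULL, buf, (ULONG)len, BCRYPT_USE_SYSTEM_PREFERRED_RNG) ? -1 : 0;
#else
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, len, f);
    fclose(f);
    return got == len ? 0 : -1;
#endif
}
/* Weak pattern: the whole secret is a function of the seed alone. */
void seeded_secret(unsigned seed, char out[SECRET_LEN + 1])
{
    srand(seed);
    for (int i = 0; i < SECRET_LEN; i++)
        out[i] = (char)(33 + rand() % 94);
    out[SECRET_LEN] = '\0';
}
/* Hardened: OS entropy only; bytes >= 188 are rejected so byte % 94 is uniform. */
int secure_secret(char out[SECRET_LEN + 1])
{
    unsigned char pool[128];
    int n = 0;
    while (n < SECRET_LEN) { /* loop again if too many bytes were rejected */
        if (secure_random_bytes(pool, sizeof pool) != 0) return -1;
        for (size_t i = 0; i < sizeof pool && n < SECRET_LEN; i++)
            if (pool[i] < 188) out[n++] = (char)(33 + pool[i] % 94);
    }
    out[SECRET_LEN] = '\0';
    return 0;
}
int main(void)
{
    char a[SECRET_LEN + 1], b[SECRET_LEN + 1], c[SECRET_LEN + 1];
    seeded_secret(12345u, a); seeded_secret(12345u, b); /* constructed seed */
    if (secure_secret(c) != 0) return 1; /* fail closed: no fallback to rand() */
    printf("same seed, same secret: %d\nOS-entropy secret: %s\n", strcmp(a, b) == 0, c);
    return 0;
}
```

If the CSPRNG call fails, the caller gets an error and no secret; falling back to the seeded generator would silently reintroduce the weakness.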