Date: Tue, 11 Aug 2015 09:51:50 +0200
From: Adam Maris <amaris@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for crypto_get_random() from libsrtp

Hello,

The weakest method it provides uses no encryption at all, just HMAC-SHA1
with an 80-bit authentication tag:
http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g94d0056e812802ac2920aa474bc5b59b.html

Unless a CVE is assigned, we don't plan to ship any patch at the moment.

Regards,

On 01/08/15 11:31, Michael Samuel wrote:
> Hi,
>
> I can't see any reference to it using 80 bits of random data - it looks
> like it's AES-CTR mode.  Do you have further information on that?
>
> That being said, I can see quite a few ways it can go wrong - it doesn't
> appear thread-safe for a start.  Is it worth taking a closer look or are
> you planning on shipping the patch anyway?
>
> Regards,
>    Michael
>
> On 31 July 2015 at 22:47, Adam Maris <amaris@...hat.com> wrote:
>
>> Hello,
>>
>> I've got a question whether this bug (
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793971) is CVE-worthy?
>> Could it be classified as CWE-330: Use of Insufficiently Random Values?
>>
>> According to the SRTP documentation (
>> http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g1d4c228c6a58096dfab3cefbabd66f17.html),
>> it provides 80 bits of random data, which is quite borderline.
>>
>> Thanks.
>>
>> --
>> Adam Maris / Red Hat Product Security
>>
>>

-- 
Adam Maris / Red Hat Product Security
