Date: Tue, 11 Aug 2015 09:51:50 +0200 From: Adam Maris <amaris@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE for crypto_get_random() from libsrtp Hello, The weakest method it provides uses no encryption at all, just HMAC-SHA1 with 80 bit authentication tag: http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g94d0056e812802ac2920aa474bc5b59b.html Unless CVE is assigned, we don't plan to ship any patch at the moment. Regards, On 01/08/15 11:31, Michael Samuel wrote: > Hi, > > I can't see any reference to it using 80 bits of random data - it looks > like it's AES-CTR mode. Do you have further information on that? > > That being said, I can see quite a few ways it can go wrong - it's doesn't > appear thread-safe for a start. Is it worth taking a closer look or are > you planning on shipping the patch anyway? > > Regards, > Michael > > On 31 July 2015 at 22:47, Adam Maris <amaris@...hat.com> wrote: > >> Hello, >> >> I've got question whether this bug ( >> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793971) is CVE-worthy? >> Could it be classified as CWE-330: Use of Insufficiently Random Values? >> >> According to the SRTP documentation ( >> http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g1d4c228c6a58096dfab3cefbabd66f17.html), >> it provides 80 bits of random data, which is quite a borderline. >> >> Thanks. >> >> -- >> Adam Maris / Red Hat Product Security >> >> -- Adam Maris / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ