Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
Date: Sun, 24 Jan 2016 18:40:37 -0500
From: Scott Arciszewski <>
	Assign a CVE Identifier <>
Subject: PSA: Don't use RNCryptor

I've discovered that several people are promoting a cryptography library
called RNCryptor on Stack Exchange websites.

Last year, I found that it failed to compare MACs in constant-time (which
is rule #1 of the cryptography coding standards, by the way). This is not
only a remotely exploitable cryptographic side-channel that allows for MAC
forgeries that result in chosen-ciphertext attacks, but it's also a sign of
poor security engineering that promises more vulnerabilities will be
discovered in other components.

Today, I spent two minutes looking through the C and Python versions and
discovered they are also susceptible to timing attack vulnerabilities.


And of course, my original finding:

I'd like to take this opportunity to tell every programmer and information
security professional that reads this mailing list: DON'T USE RNCRYPTOR.

If you need portable, highly secure cryptography, there is no better answer
than libsodium:

(If you're interested in seeing the Stack Exchange discussion:

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <>
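The following Python is an added illustration of the failure mode the message describes, not code from RNCryptor or from the post above. It models an encrypt-then-MAC verifier that compares HMAC-SHA256 tags with an early-exit loop, treats the number of bytes examined before the loop stops as a stand-in for the timing a remote attacker would measure, and shows how that signal lets an attacker recover a valid tag for arbitrary ciphertext one byte at a time; the constant-time verifier using hmac.compare_digest beside it exposes no such signal. All function names, the key, and the ciphertext are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

TAG_LEN = 32  # HMAC-SHA256 output length


def compute_tag(key, ciphertext):
    """Encrypt-then-MAC tag: HMAC-SHA256 over the ciphertext."""
    return hmac.new(key, ciphertext, hashlib.sha256).digest()


def naive_compare(a, b):
    """The bug: byte-by-byte comparison that stops at the first mismatch.

    Returns (equal, bytes_examined). bytes_examined stands in for the
    elapsed time a remote attacker would measure; a real implementation
    leaks it through the clock rather than a return value.
    """
    if len(a) != len(b):
        return False, 0
    for i in range(len(a)):
        if a[i] != b[i]:
            return False, i + 1
    return True, len(a)


def verify_naive(key, ciphertext, tag):
    """Vulnerable verifier: leaks how many tag bytes matched."""
    return naive_compare(compute_tag(key, ciphertext), tag)


def verify_constant_time(key, ciphertext, tag):
    """The fix: hmac.compare_digest takes time independent of where the
    tags first differ, so there is no position-dependent signal."""
    return hmac.compare_digest(compute_tag(key, ciphertext), tag)


def forge_tag(oracle, ciphertext):
    """Attacker side: recover a valid tag for an attacker-chosen ciphertext
    using only the accept/reject result and the leaked comparison length.

    Needs at most TAG_LEN * 256 oracle queries instead of 2**256 guesses.
    The oracle is the victim's naive verifier; the attacker never sees the key.
    """
    guess = bytearray(TAG_LEN)
    for pos in range(TAG_LEN):
        for candidate in range(256):
            guess[pos] = candidate
            accepted, examined = oracle(ciphertext, bytes(guess))
            # A correct byte at `pos` makes the comparison proceed past it
            # (or, for the final byte, succeed outright).
            if accepted or examined > pos + 1:
                break
        else:
            raise RuntimeError("no candidate advanced the comparison")
    return bytes(guess)


def demo(key=None, ciphertext=b"attacker-chosen ciphertext bytes"):
    """Run the forgery against a naive verifier and report the outcome.

    key and ciphertext are constructed inputs for the example."""
    if key is None:
        key = os.urandom(32)
    # The attacker only gets the verifier's behaviour, never the key.
    oracle = lambda ct, tag: verify_naive(key, ct, tag)
    forged = forge_tag(oracle, ciphertext)
    return {
        "forged_tag_valid": verify_constant_time(key, ciphertext, forged),
        "naive_accepts": verify_naive(key, ciphertext, forged)[0],
        "queries_upper_bound": TAG_LEN * 256,
    }


if __name__ == "__main__":
    print(demo())
```

The forgery succeeds against the naive verifier because each byte position yields an independent signal; hmac.compare_digest removes the signal but does not shrink the tag, so the attacker is back to guessing 2**256 values. The same reasoning applies to any MAC or signature comparison, which is why the constant-time rule is not specific to HMAC.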
