View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009301 | GNUnet | util library | public | 2024-10-25 10:19 | 2024-10-29 20:56 |
Reporter | fefe | Assigned To | schanzen | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Target Version | 0.22.2 | Fixed in Version | 0.22.2 | ||
Summary | 0009301: weakened randomness in GNUNET_CRYPTO_hash_create_random | ||||
Description | In crypto_hash.c function GNUNET_CRYPTO_hash_create_random: 99 void 100 GNUNET_CRYPTO_hash_create_random (enum GNUNET_CRYPTO_Quality mode, 101 struct GNUNET_HashCode *result) 102 { 103 for (ssize_t i = (sizeof(struct GNUNET_HashCode) / sizeof(uint32_t)) - 1; 104 i >= 0; 105 i--) 106 result->bits[i] = GNUNET_CRYPTO_random_u32 (mode, UINT32_MAX); 107 } Note that GNUNET_CRYPTO_random_u32 returns a result below UINT32_MAX, so we are creating bad randomness here. The attacker can know that none of the values is UINT32_MAX. | ||||
Tags | No tags attached. | ||||
Date Modified | Username | Field | Change |
---|---|---|---|
2024-10-25 10:19 | fefe | New Issue | |
2024-10-25 13:39 | schanzen | Changeset attached | => gnunet master da2eae04 |
2024-10-25 13:39 | schanzen | Note Added: 0023596 | |
2024-10-25 13:39 | schanzen | Assigned To | => schanzen |
2024-10-25 13:39 | schanzen | Status | new => resolved |
2024-10-25 13:39 | schanzen | Resolution | open => fixed |
2024-10-25 13:39 | schanzen | Target Version | => 0.22.2 |
2024-10-25 13:39 | schanzen | Fixed in Version | => 0.22.2 |
2024-10-29 20:56 | schanzen | Note Added: 0023629 | |
2024-10-29 20:56 | schanzen | Status | resolved => closed |