oss-security - Re: CVE for crypto_get

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <CAKws9z2A08ws63uJfh6Z7z+p8WpNuEiQCRMdsMxXKeCT3e1-ow@mail.gmail.com>
Date: Fri, 31 Jul 2015 09:38:52 -0400
From: Scott Arciszewski <scott@...agonie.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE for crypto_get_random() from libsrtp

On Fri, Jul 31, 2015 at 8:47 AM, Adam Maris <amaris@...hat.com> wrote:
> Hello,
>
> I've got question whether this bug
> (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=793971) is CVE-worthy?
> Could it be classified as CWE-330: Use of Insufficiently Random Values?
>
> According to the SRTP documentation
> (http://srtp.sourcearchive.com/documentation/1.4.2.dfsg/group__SRTP_g1d4c228c6a58096dfab3cefbabd66f17.html),
> it provides 80 bits of random data, which is quite a borderline.
>
> Thanks.
>
> --
> Adam Maris / Red Hat Product Security
>

I would consider 80 bits insufficient for cryptography, but it's not
really exploitably weak (like, say, rand() would be). Whether or not
it warrants a CVE is obviously MITRE's discretion.

2^80 is out of reach for most people to brute force in 2015 (maybe
even for intelligence agencies), but 2^100 is generally the lower
bound of acceptable.

Just my $0.02.

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.