On Mon, May 2, 2022 at 11:37 AM Denys Vlasenko <vda.li...@googlemail.com> wrote:
>
> On Mon, May 2, 2022 at 8:26 AM Emmanuel Deloget <log...@free.fr> wrote:
> > On Mon, May 2, 2022 at 03:31, Denys Vlasenko <vda.li...@googlemail.com> wrote:
> > > > I beg to differ, and especially on some embedded systems where the RNG
> > > > might be quite controllable by an attacker from the outside (mostly 
> > > > because
> > > > it lacks a lot of entropy crediting inputs, which is exactly the reason 
> > > > why we
> > > > need seedrng in the first place). This may lead to catastrophic 
> > > > cryptography
> > > > failures down the road.
> > >
> > > Did you personally encounter such a situation?
> > > I'm not implying it's not really happening, I'm interested to hear
> > > from people who met this situation in real world.
> >
> > Hey :) We're now entering "cautionary tales" territory :)
> >
> > This happened, yes. We have not seen any exploitation of this in
> > nature

I've exploited nonce reuse before. It's a real thing. Also, captured,
stored, and later correlated network traffic is a real thing.

Stop playing fast and loose with the crypto here. And stop entertaining
these discussions where you reduce the security of a thing because of
random people on a mailing list spouting off nonsense.

Moreover, I'm shocked that you've continued to erode the security of
the software, without so much as a reply to me about it substantiating
your actions. For shame.

As we speak, that fsync(dfd) is still missing a check on its return value.

Just remove seedrng.c from busybox. You are clearly not a competent
steward of security sensitive software, and this is just going to lead
to bad things.

Thanks,
Jason
_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox
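A defender-side illustration of the missing-check point raised above, as added example code that is not from busybox's seedrng.c or from any participant in this thread: a durable seed-file write in which every result is checked, including fsync() on the directory descriptor. The function names, the constructed seed bytes and the /tmp path are assumptions made for the demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Durably write `len` bytes of seed material to `dir/name`: 0 on success,
 * -1 with errno set on failure. Every call is checked, including fsync()
 * on the directory fd `dfd`, so a failed directory flush is reported. */
int write_seed_durably(const char *dir, const char *name,
                       const void *seed, size_t len)
{
    int saved, fd, dfd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dfd < 0) return -1;
    fd = openat(dfd, name, O_WRONLY | O_CREAT | O_TRUNC | O_CLOEXEC, 0600);
    if (fd < 0) goto fail_dfd;
    for (size_t off = 0; off < len; ) {          /* tolerate short writes */
        ssize_t n = write(fd, (const char *)seed + off, len - off);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) goto fail_fd;
        off += (size_t)n;
    }
    if (fsync(fd) < 0) goto fail_fd;             /* file data + metadata */
    if (close(fd) < 0 || fsync(dfd) < 0)         /* then the directory entry */
        goto fail_dfd;
    return close(dfd);
fail_fd:  saved = errno; close(fd); errno = saved;
fail_dfd: saved = errno; close(dfd); errno = saved;
    return -1;
}

/* Constructed round trip through a fresh temp dir; 0 = ok, else failed step. */
int demo_roundtrip(void)
{
    static const unsigned char seed[32] = "constructed-seed-0123456789abcd";
    unsigned char back[32];
    char dir[] = "/tmp/seedrng-demo-XXXXXX", path[64];
    if (!mkdtemp(dir)) return 1;
    int rc = write_seed_durably(dir, "seed", seed, sizeof seed) ? 2 : 0;
    snprintf(path, sizeof path, "%s/seed", dir);
    int fd = open(path, O_RDONLY);
    if (rc == 0 && (fd < 0 || read(fd, back, 32) != 32 || memcmp(seed, back, 32)))
        rc = 3;
    if (fd >= 0) close(fd);
    unlink(path); rmdir(dir);
    return rc;
}
```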