Re: [tor-bugs] #23086 [Obfuscation/BridgeDB]: GIMP Captcha uses insecure random number generator

2017-08-09 Thread Tor Bug Tracker & Wiki
#23086: GIMP Captcha uses insecure random number generator
----------------------------------+---------------------------
 Reporter:  cypherpunks           |          Owner:  isis
     Type:  defect                |         Status:  closed
 Priority:  Medium                |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:  not a bug
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+---------------------------
Changes (by isis):

 * status:  reopened => closed
 * resolution:   => not a bug


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #23086 [Obfuscation/BridgeDB]: GIMP Captcha uses insecure random number generator

2017-08-08 Thread Tor Bug Tracker & Wiki
#23086: GIMP Captcha uses insecure random number generator
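----------------------------------+---------------------------
 Reporter:  cypherpunks           |          Owner:  isis
     Type:  defect                |         Status:  reopened
 Priority:  Medium                |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+---------------------------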
Changes (by cypherpunks):

 * status:  closed => reopened
 * resolution:  not a bug =>



Re: [tor-bugs] #23086 [Obfuscation/BridgeDB]: GIMP Captcha uses insecure random number generator

2017-08-08 Thread Tor Bug Tracker & Wiki
#23086: GIMP Captcha uses insecure random number generator
----------------------------------+---------------------------
 Reporter:  cypherpunks           |          Owner:  isis
     Type:  defect                |         Status:  closed
 Priority:  Medium                |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:  not a bug
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+---------------------------
Changes (by cypherpunks):

 * status:  reopened => closed
 * resolution:   => not a bug



Re: [tor-bugs] #23086 [Obfuscation/BridgeDB]: GIMP Captcha uses insecure random number generator

2017-08-08 Thread Tor Bug Tracker & Wiki
#23086: GIMP Captcha uses insecure random number generator
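----------------------------------+---------------------------
 Reporter:  cypherpunks           |          Owner:  isis
     Type:  defect                |         Status:  reopened
 Priority:  Medium                |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+---------------------------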
Changes (by cypherpunks):

 * status:  closed => reopened
 * resolution:  not a bug =>


Comment:

 1)
 You don't use /dev/urandom in your captcha generation. You use ordinary
 random. I don't know if the GIMP functions' internals use a CSPRNG, but I
 think they don't either.

 >Almost all module functions depend on the basic function random(), which
 >generates a random float uniformly in the semi-open range [0.0, 1.0).
 >Python uses the Mersenne Twister as the core generator.

 MT is insecure.

 >2) There's no need for a CSPRNG when randomly munging pixels.

 If the bias in the distribution of the captcha parameters is exploitable (it
 is if the PRNG is not secure) there are odds to solve the captcha (with or
 without OCR) non-negligibly better than if it was truly random. You are a
 cryptologist, you should understand that.

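
Added example (not code from this thread or from BridgeDB): the two generator types argued about above, Python's Mersenne Twister `random.Random` and the `os.urandom`-backed `random.SystemRandom`, feeding the same captcha-parameter routine. The helper names, alphabet, parameter ranges and seed are assumptions made for the illustration.

```python
import random
import string

ALPHABET = string.ascii_uppercase + string.digits  # assumed challenge alphabet


def captcha_params(rng, length=6):
    """Draw a challenge string and per-glyph distortion parameters from rng.

    Hypothetical helper: the parameter names and ranges are illustrative.
    """
    text = "".join(rng.choice(ALPHABET) for _ in range(length))
    glyphs = [
        {
            "rotation_deg": rng.randint(-30, 30),
            "x_jitter_px": rng.randint(-4, 4),
            "noise": round(rng.random(), 3),
        }
        for _ in text
    ]
    return text, glyphs


def replay_with_seed(seed):
    """A Mersenne Twister seeded with the same value yields the same captcha."""
    return captcha_params(random.Random(seed))


def replay_from_state(state):
    """A copy of the generator's internal state yields the same captcha too."""
    rng = random.Random()
    rng.setstate(state)
    return captcha_params(rng)


def os_backed_params():
    """SystemRandom reads os.urandom(); it has no seed or state to replay."""
    return captcha_params(random.SystemRandom())


if __name__ == "__main__":
    mt = random.Random(20170808)  # constructed seed for the demo
    snapshot = mt.getstate()
    print("MT issued       :", captcha_params(mt)[0])
    print("replayed (seed) :", replay_with_seed(20170808)[0])
    print("replayed (state):", replay_from_state(snapshot)[0])
    print("SystemRandom    :", os_backed_params()[0])
```

`random.SystemRandom` exposes the same `choice`/`randint`/`random` methods, so switching generators is a one-line change to the object passed in; its `seed()` is a no-op and `getstate()` raises `NotImplementedError`.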

Re: [tor-bugs] #23086 [Obfuscation/BridgeDB]: GIMP Captcha uses insecure random number generator

2017-08-02 Thread Tor Bug Tracker & Wiki
#23086: GIMP Captcha uses insecure random number generator
----------------------------------+---------------------------
 Reporter:  cypherpunks           |          Owner:  isis
     Type:  defect                |         Status:  closed
 Priority:  Medium                |      Milestone:
Component:  Obfuscation/BridgeDB  |        Version:
 Severity:  Normal                |     Resolution:  not a bug
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Reviewer:                        |        Sponsor:
----------------------------------+---------------------------
Changes (by isis):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 1) /dev/urandom is not "insecure".
 2) There's no need for a CSPRNG when randomly munging pixels.
