[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] KDE Paste Applet
From: Garth Mollett <gmollett () redhat ! com>
Date: 2013-06-26 6:58:15
Message-ID: 51CA9107.6060402 () redhat ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/26/2013 03:06 PM, Kurt Seifried wrote:
> On 06/25/2013 10:39 PM, Michael Samuel wrote:
>> On 13 June 2013 10:02, Michael Samuel <mik@miknet.net> wrote:
>
>>> Ok, so the fix for this uses KRandom::random()...
>>>
>>> I suggest leaving the KDE Paste fix as-is and replacing
>>> KRandom with something that just fills an integer from
>>> /dev/urandom - then we can save a few CVE numbers for the rest
>>> of the year.
>>>
>>> qrand() should probably also do the same, especially since
>>> cnonces for HTTP auth are using it - that means there's only
>>> 2^32 (at best) possible cnonces...
>>>
>>>>
>>>>
>> Fedora and Ubuntu have both pushed out this patch. Requesting a
>> new CVE for "KRandom::random() isn't a secure PRNG", since the
>> KDE guys are convinced that it is.
>
>> Regards, Michael
>
> So the thing is it can be completely random, just like a coin
> flip. But the search space might be to small (e.g. a 1 bit key
> based on a coin flip wouldn't be "secure"). I suspect 2^32 isn't
> enough any more either, assuming a 480 core GPU, if you can run 250
> cracking attempts per second per core you can brute force a 2^32
> search space in 10 hours or so. Needless to say GPUs are getting
> pretty cheap. So this appears to be a textbook example of CWE-334
> "Small Space of Random Values".
>
> Please use CVE-2013-2213 for KDE KRandom::random() CWE-334: Small
> Space of Random Values.
>
>
If /dev/urandom can't be opened it looks even worse:
00041 // No /dev/urandom... try something else.
00042 srand(getpid());
00043 seed = rand()+time(0);
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
iQEcBAEBAgAGBQJRypEHAAoJEPjpLwZKQ8Gp3boIAMy5abrxcwaSuPQYswPtrD2j
Xhj8qYmvwoRQDN5TDaT6uzEMZOSsC7cCv7RarueCiQwX+TOMz/XaxiFE8n37khTk
MgVuBDJc759QNfIIeyYedg7WrT0c3rbqbD/CHjKicJrnpDSTBqxz7um0CejtQzMP
dC1gk2PHYbHzQR75xEYhHPZsY30tsIeY/cP6/x+nN3h7xcVOwKNSLEHEAFzpxH6i
zgCSUj277b0LpmddMIaLvO+qXDEAZ+RT6JN14uqfSYFbQ1F+oM4x4x/k5IOCoHNQ
aAGLSfpxQ+MiborqQKCpGvoMsP9Hdw1s6pnPeDFoLD8tIjxr4Pcem0r5ebiT+zQ=
=Vgdc
-----END PGP SIGNATURE-----
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic