Use of insecure random numbers in perl-Crypt-DSA
ID: FEDORA-2013-15755
Distribution: Fedora
Platforms: Fedora 18
Date: Fri, 13 September 2013, 08:36
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3599
Applications: perl-Crypt-DSA
Original message:
Name : perl-Crypt-DSA
Product : Fedora 18
Version : 1.17
Release : 10.fc18
URL : http://search.cpan.org/dist/Crypt-DSA/
Summary : Perl module for DSA signatures and key generation
Description : Crypt::DSA is an implementation of the DSA (Digital Signature Algorithm) signature verification system. This package provides DSA signing, signature verification, and key generation.
--------------------------------------------------------------------------------
Update Information:

As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand(), about which the perldoc says "rand() is not cryptographically secure. You should not rely on it in security-sensitive situations."

In the case of DSA, this is even worse. Using improperly secure randomness sources can compromise the signing key upon signature of a message. See: http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/

It might seem that this would not affect Linux since /dev/random is always available and so the fall back to Data::Random would never happen. However, if an application is confined using a MAC system such as SELinux then access to /dev/random could be denied by policy and the fall back would be triggered.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 3 2013 Paul Howarth
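The advisory's two points, that a predictable per-signature nonce k hands over the DSA private key, and that a randomness source must fail closed rather than fall back to a non-cryptographic PRNG, are shown below in a toy DSA written in Python. This is an added example, not code from Crypt::DSA or from the Fedora update; the group parameters (P, Q, G), the key 23, the message and the PRNG seeds are all constructed and far too small for real use. `weak_nonce` stands in for the Data::Random/rand() fallback described above; `secure_nonce` is the fail-closed alternative.

```python
"""Toy DSA showing why the nonce k must come from a cryptographically secure
source.  Added example; parameters are constructed and deliberately tiny."""
import hashlib
import random
import secrets

# Constructed toy domain parameters: P prime, Q prime with Q | P-1, G of order Q.
P = 283
Q = 47                       # P - 1 = 282 = 6 * 47
G = pow(2, (P - 1) // Q, P)  # 2^6 mod 283 = 64; G != 1, so its order is exactly Q


def hash_to_int(msg: bytes) -> int:
    """H(m) reduced into Z_Q (toy stand-in for truncating the digest to |Q| bits)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q


def keygen(x=None):
    """Return (x, y): private x in [1, Q-1], public y = G^x mod P."""
    if x is None:
        x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def sign(x: int, msg: bytes, k: int):
    """DSA signature with an explicit nonce k.  Returns (r, s), or None when
    this k is unusable (r == 0 or s == 0) and a fresh k must be drawn."""
    r = pow(G, k, P) % Q
    s = (pow(k, -1, Q) * (hash_to_int(msg) + x * r)) % Q
    if r == 0 or s == 0:
        return None
    return r, s


def verify(y: int, msg: bytes, sig) -> bool:
    """Standard DSA verification: v = (G^u1 * y^u2 mod P) mod Q must equal r."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1 = (hash_to_int(msg) * w) % Q
    u2 = (r * w) % Q
    v = (pow(G, u1, P) * pow(y, u2, P) % P) % Q
    return v == r


def secure_nonce() -> int:
    """Fail-closed nonce.  secrets draws from the kernel CSPRNG (os.urandom);
    if no such source exists it raises instead of degrading to rand()."""
    return secrets.randbelow(Q - 1) + 1


def weak_nonce(seed: int) -> int:
    """Models the rand()-style fallback: a seeded, non-cryptographic PRNG whose
    output anyone able to guess (or observe) the seed can reproduce exactly."""
    return random.Random(seed).randrange(1, Q)


def sign_with(x: int, msg: bytes, nonce_fn):
    """Sign, drawing fresh nonces from nonce_fn until one yields a valid signature."""
    while True:
        sig = sign(x, msg, nonce_fn())
        if sig is not None:
            return sig


def private_key_from_known_nonce(msg: bytes, sig, k: int) -> int:
    """The reason the nonce matters: from s = k^-1 (H(m) + x r) mod Q, whoever
    learns k for one signature recovers x = (s k - H(m)) r^-1 mod Q."""
    r, s = sig
    return ((s * k - hash_to_int(msg)) * pow(r, -1, Q)) % Q


if __name__ == "__main__":
    x, y = keygen(23)                       # constructed private key
    msg = b"constructed message"
    good = sign_with(x, msg, secure_nonce)
    print("secure nonce, verifies:", verify(y, msg, good))
    seed = 1234                             # a seed the fallback PRNG might use
    k = weak_nonce(seed)
    sig = sign(x, msg, k)
    if sig is not None:
        print("weak nonce, key recovered:", private_key_from_known_nonce(msg, sig, k) == x)
```

The recovery formula is the one-signature case; with a real-sized Q the arithmetic is identical, so the only thing standing between a signature and the private key is whether k is unpredictable. Note also that `secrets` reads the kernel CSPRNG through `os.urandom`, which does not depend on opening the `/dev/random` device node, so a MAC policy that denies that file does not push this code into a weaker source; it either gets kernel randomness or raises.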