diff options
author | anonimal <anonimal@getmonero.org> | 2019-09-07 01:35:47 +0000 |
---|---|---|
committer | anonimal <anonimal@getmonero.org> | 2019-09-08 01:14:39 +0000 |
commit | cd57a10c90134bbe67d35cbe71037d9ca42427ad (patch) | |
tree | 8d32f7dda88da1c1068f3cdcb3d9a79ac6dc39a3 /src/wallet | |
parent | tests: rct_mlsag: resolve CID 203914 (UNINIT_CTOR) (diff) | |
download | monero-cd57a10c90134bbe67d35cbe71037d9ca42427ad.tar.xz |
epee: abstract_tcp_server2: resolve CID 203919 (DC.WEAK_CRYPTO)
The problem actually exists in two parts:
1. When sending chunks over a connection, if the queue size is
greater than N, the seed is predictable across every monero node.
>"If rand() is used before any calls to srand(), rand() behaves as if
it was seeded with srand(1). Each time rand() is seeded with the same seed, it
must produce the same sequence of values."
2. The CID speaks for itself: "'rand' should not be used for security-related
applications, because linear congruential algorithms are too easy to break."
*But* this is an area of contention.
One could argue that a CSPRNG is warranted in order to fully mitigate any
potential timing attacks based on crafting chunk responses. Others could argue
that the existing LCG, or even an MTG, would suffice (if properly seeded). As a
compromise, I've used an MTG with a full bit space. This should give a healthy
balance of security and speed without relying on the existing crypto library
(which I'm told might break on some systems since epee is not (shouldn't be)
dependent upon the existing crypto library).
Diffstat (limited to 'src/wallet')
0 files changed, 0 insertions, 0 deletions