Crypto++ and DUHK attacks


Jeffrey Walton

Oct 31, 2017, 5:51:33 PM10/31/17
to Crypto++ Users
Hi Everyone,

Just a quick public service announcement for DUHK attacks (https://duhkattack.com/).

The default random number generator for the library is AutoSeededRandomPool. It is an AES-based PGP-style generator that gets its seed from the OS's entropy pool. The pools are /dev/random, /dev/urandom or CryptGenRandom.

The FIPS DLL used AutoSeededX917RNG<AES>, but the seed was taken from the OS pool rather than time. The pool sources are /dev/random, /dev/urandom or CryptGenRandom. You should be OK as long as you allowed the generator to seed itself with OS_GenerateRandomBlock. If you supplied a time-based seed then you could be in trouble.

Also see the DefaultAutoSeededRNG class and AutoSeededX917RNG<BLOCK_CIPHER>::Reseed() in https://github.com/weidai11/cryptopp/blob/master/osrng.h; and https://www.cryptopp.com/wiki/RandomNumberGenerator on the wiki.

Jeff