On Tue, Apr 21, 2026 at 09:40:37AM +0200, Werner Koch wrote:
> I see no attack here. However, mutt_random_bytes is also used to
> construct message ids. I would suggest to make them less predictable.
> But do not use new crypto algorithms for that. All systems come with
> proper random number generators these days. Something like
>
>   /* Create an unpredictable nonce of LENGTH bytes in BUFFER. */
>   void gcry_create_nonce (void *buffer, size_t length);
>
> if you anyway link to Libgcrypt, or use the respective functions from
> the other crypto libs.
Thank you Werner and Greg KH! (I'll just reply to you both here.)

Something like gcry_create_nonce() sounds perfect. Unfortunately we
don't link to Libgcrypt. Perhaps, as Greg KH suggested, we could try
checking for getrandom(), and then arc4random_buf(), and if both are
missing I guess fall back to what we have now?

Some quick searches suggested FreeBSD and OpenBSD switched their arc4
implementation to use ChaCha.

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
