Hi,

Robert Ransom wrote (10 Jan 2013 01:21:35 GMT) :
> * src/lib/random.cpp will use fake entropy produced by a
> non-cryptographic PRNG with a 32-bit seed if it fails to open or read
> from /dev/urandom.

I don't see many reasons why this would happen in practice, and
I guess we can ignore that one, but still, I see no valid reason for
this code's behavior on GNU/Linux. Robert, do you intend to report
it upstream?

> * src/dialogs/CollectEntropyDlg.cpp records the (low-entropy) sequence
> of keys pressed by the user, and discards the keystroke event timings
> which contain most of the entropy.

Any idea if this feature is used for anything else than the password
generator (where it is apparently disabled by default)?

> * It uses the Gladman implementation of AES, which makes no attempt to
> resist timing side-channel attacks.  (It also supports using Twofish
> to encrypt password databases; Twofish cannot be implemented
> efficiently without side-channel leaks.)

I beg your pardon if my question is naive, but (aside from the fact
such bad practice is not exactly trust inspiring) is there a practical
drawback of such timing side-channel attacks in a non-networking
application used in the intended context of a Tails password manager?

> * It also includes an RC4 implementation (RC4 also cannot be
> implemented efficiently without side-channel leaks), and uses a single
> global RC4 key to ‘encrypt’ multiple strings in memory (see
> src/lib/SecString.[hc]) by XORing each of them with (part of) the same
> sequence of keystream bytes.

Is this a practical problem in the intended use case?

> The cryptography used on disk should be adequate, aside from the
> side-channel leaks and the fake RNGs.  (It encrypts the whole file
> using a block cipher in CBC mode with a random IV and mediocre
> integrity protection.)

OK.

Thanks a lot for your review!

As you probably noticed already, the copyright and license issues were
reported. On the security side, it looks to me like none of these
issues look critical for the intended use case in Tails, so I think we
can go ahead. If I'm mistaken, please tell me :)

Cheers,
-- 
  intrigeri
  | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
  | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
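The keystream-reuse point raised above (one global RC4 key, every in-memory string XORed with the same keystream bytes) is worth seeing concretely. The following is an added example written for this thread; it is not code from the reviewed project or from either poster. It contains a minimal RC4 keystream generator for illustration only, constructed sample strings and keys, a check that tells whether two ciphertexts share a keystream, and the hardened pattern in which each string gets its own independent key (assumed to come from a CSPRNG; constants here are constructed placeholders).

```cpp
// Added example (not from the thread or the reviewed project): why XORing
// several strings with the same RC4 keystream leaks, and how independent
// per-string keys avoid it.
#include <algorithm>
#include <array>
#include <cstdint>
#include <cstdio>
#include <string>
#include <utility>
#include <vector>

// Minimal RC4 keystream generator, for illustration only (not hardened
// against side channels; the thread already notes RC4 cannot be).
struct Rc4 {
    std::array<uint8_t, 256> s{};
    uint8_t i = 0, j = 0;
    explicit Rc4(const std::vector<uint8_t>& key) {  // key must be non-empty
        for (int k = 0; k < 256; ++k) s[k] = static_cast<uint8_t>(k);
        uint8_t jj = 0;
        for (int k = 0; k < 256; ++k) {
            jj = static_cast<uint8_t>(jj + s[k] + key[k % key.size()]);
            std::swap(s[k], s[jj]);
        }
    }
    uint8_t next() {
        i = static_cast<uint8_t>(i + 1);
        j = static_cast<uint8_t>(j + s[i]);
        std::swap(s[i], s[j]);
        return s[static_cast<uint8_t>(s[i] + s[j])];
    }
};

static std::vector<uint8_t> to_bytes(const std::string& s) {
    return std::vector<uint8_t>(s.begin(), s.end());
}

static std::vector<uint8_t> xor_bytes(const std::vector<uint8_t>& a,
                                      const std::vector<uint8_t>& b) {
    size_t n = std::min(a.size(), b.size());
    std::vector<uint8_t> out(n);
    for (size_t k = 0; k < n; ++k) out[k] = a[k] ^ b[k];
    return out;
}

// XOR text with the keystream of a fresh RC4 instance keyed with `key`.
// Every call with the same key starts at keystream byte 0: that is the
// reuse pattern described in the thread.
std::vector<uint8_t> rc4_xor(const std::vector<uint8_t>& key, const std::string& text) {
    Rc4 ks(key);
    std::vector<uint8_t> out(text.size());
    for (size_t k = 0; k < text.size(); ++k)
        out[k] = static_cast<uint8_t>(text[k]) ^ ks.next();
    return out;
}

// Check: with a shared keystream, c1 ^ c2 == p1 ^ p2 (the keystream cancels).
bool keystream_reuse_detected(const std::vector<uint8_t>& c1, const std::vector<uint8_t>& c2,
                              const std::string& p1, const std::string& p2) {
    return xor_bytes(c1, c2) == xor_bytes(to_bytes(p1), to_bytes(p2));
}

// What reuse leaks: anyone who knows p1 recovers p2 as c2 ^ c1 ^ p1.
std::string leaked_by_reuse(const std::vector<uint8_t>& c1, const std::string& p1,
                            const std::vector<uint8_t>& c2) {
    std::vector<uint8_t> ks = xor_bytes(c1, to_bytes(p1));  // recovered keystream
    std::vector<uint8_t> p2 = xor_bytes(c2, ks);
    return std::string(p2.begin(), p2.end());
}

// Constructed sample data (not real secrets).
static const std::vector<uint8_t> kGlobalKey = {0x13, 0x37, 0xC0, 0xFF, 0xEE, 0x42};
static const std::vector<uint8_t> kKeyForString2 = {0xA5, 0x5A, 0x01, 0x02, 0x03, 0x04};
static const std::string kString1 = "hunter2 is bad";   // 14 bytes
static const std::string kString2 = "battery staple";   // 14 bytes

// Weak pattern: both strings under one global key.
bool demo_same_key_leaks() {
    auto c1 = rc4_xor(kGlobalKey, kString1);
    auto c2 = rc4_xor(kGlobalKey, kString2);
    return keystream_reuse_detected(c1, c2, kString1, kString2);
}
std::string recovered_under_key_reuse() {
    return leaked_by_reuse(rc4_xor(kGlobalKey, kString1), kString1,
                           rc4_xor(kGlobalKey, kString2));
}

// Hardened pattern: an independent key per string (in practice from a
// CSPRNG, e.g. read from /dev/urandom without any PRNG fallback).
bool demo_independent_keys_leak() {
    auto c1 = rc4_xor(kGlobalKey, kString1);
    auto c2 = rc4_xor(kKeyForString2, kString2);
    return keystream_reuse_detected(c1, c2, kString1, kString2);
}

int main() {
    std::printf("shared key leaks: %s\n", demo_same_key_leaks() ? "yes" : "no");
    std::printf("recovered second string: %s\n", recovered_under_key_reuse().c_str());
    std::printf("independent keys leak: %s\n", demo_independent_keys_leak() ? "yes" : "no");
    return 0;
}
```

The point for the in-memory use case: a stream cipher keystream is a one-time pad; reusing it across strings turns the protection into "XOR of plaintexts", which is no protection against anyone who already reads process memory and knows or guesses one of the strings. Distinct keystream per string (independent keys, or a nonce-based cipher) is the minimum fix.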
_______________________________________________
tails-dev mailing list
tails-dev@boum.org
https://mailman.boum.org/listinfo/tails-dev