|
From: | Richard Copley |
Subject: | bug#22202: 24.5; SECURITY ISSUE -- Emacs Server vulnerable to random number generator attack on Windows systems |
Date: | Wed, 30 Dec 2015 20:56:03 +0000 |
Ah, I forgot to mention one other thing that had occurred to me. It might not be a good idea to pass the current time to CryptGenRandom for the optional initial seed. The current time (in various forms) is already used as seed entropy by the system, and it's conceivable (though implausible) that we could be destroying entropy by doing this. It's probably better (and "acceptable" according to the documentation) not to pass any seed at all.
[Prev in Thread] | Current Thread | [Next in Thread] |