[Bug 2086515] Re: Cryptographically unsafe RNG used for FIT images
Heinrich Schuchardt
2086515 at bugs.launchpad.net
Sat Nov 2 16:38:18 UTC 2024
Upstream asked me to send the patch to the public mailing list:
https://lists.denx.de/pipermail/u-boot/2024-November/570344.html
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to u-boot in Ubuntu.
https://bugs.launchpad.net/bugs/2086515
Title:
Cryptographically unsafe RNG used for FIT images
Status in u-boot package in Ubuntu:
New
Bug description:
The mkimage tool uses the random() function for generating the
initialization vector used for AES encryption inside FIT images. As
the PRNG used for the random() function has only 2^31 states, this is
cryptographically unsafe. See appended patch.
"The ideal IV is a random or pseudorandom number. It must also be
nonrepeating. Both randomness and nonrepetitiveness are crucial to
prevent attackers from finding patterns in similar parts of the
encrypted message and then using this information to decrypt the
message. The IV need not be secret." [1]
[1] https://www.techtarget.com/whatis/definition/initialization-vector-IV
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/2086515/+subscriptions
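The following C program is an added illustration of the weakness described in the bug report; it is not the appended patch, nor U-Boot's or mkimage's own code. It places a random()-style IV generator (whose whole 16-byte output is a function of the 32-bit value handed to srandom(), so at most 2^31 distinct IVs can ever be produced) next to a hardened replacement that reads the IV from the kernel CSPRNG. The /dev/urandom path and the 16-byte AES block size are assumptions of this example; the helper names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

#define AES_BLOCK_SIZE 16

/* Weak IV generation in the style the bug report describes: every byte
 * comes from random(), so the IV is fully determined by the seed given
 * to srandom(). A 32-bit seed space means at most 2^31 distinct IVs,
 * far below the 2^128 an AES IV should be drawn from. */
static void weak_iv(uint8_t iv[AES_BLOCK_SIZE], unsigned int seed)
{
    srandom(seed);
    for (size_t i = 0; i < AES_BLOCK_SIZE; i++)
        iv[i] = (uint8_t)random();
}

/* Hardened variant (example): take the IV from the kernel CSPRNG via
 * /dev/urandom. Returns 0 on success, -1 on failure; a caller must treat
 * failure as fatal rather than falling back to a weak generator. */
static int secure_iv(uint8_t iv[AES_BLOCK_SIZE])
{
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f)
        return -1;
    size_t n = fread(iv, 1, AES_BLOCK_SIZE, f);
    fclose(f);
    return n == AES_BLOCK_SIZE ? 0 : -1;
}

/* Shows the defect: the same seed always yields the same IV, so the IV is
 * neither unpredictable nor guaranteed non-repeating across images. */
static int weak_iv_is_reproducible(unsigned int seed)
{
    uint8_t a[AES_BLOCK_SIZE], b[AES_BLOCK_SIZE];
    weak_iv(a, seed);
    weak_iv(b, seed);
    return memcmp(a, b, AES_BLOCK_SIZE) == 0;
}

/* Sanity check for the hardened path: two independently drawn IVs differ
 * (collision probability is 2^-128). Returns 1 on success. */
static int secure_ivs_differ(void)
{
    uint8_t a[AES_BLOCK_SIZE], b[AES_BLOCK_SIZE];
    if (secure_iv(a) != 0 || secure_iv(b) != 0)
        return 0;
    return memcmp(a, b, AES_BLOCK_SIZE) != 0;
}

static void print_hex(const char *label, const uint8_t *buf, size_t len)
{
    printf("%s", label);
    for (size_t i = 0; i < len; i++)
        printf("%02x", buf[i]);
    printf("\n");
}

int main(void)
{
    uint8_t iv[AES_BLOCK_SIZE];

    /* Constructed seed value for the demonstration. */
    weak_iv(iv, 12345u);
    print_hex("weak IV (seed 12345):   ", iv, sizeof iv);
    printf("reproducible with same seed: %s\n",
           weak_iv_is_reproducible(12345u) ? "yes" : "no");

    if (secure_iv(iv) != 0) {
        fprintf(stderr, "CSPRNG unavailable; refusing to emit an IV\n");
        return 1;
    }
    print_hex("secure IV (/dev/urandom): ", iv, sizeof iv);
    return 0;
}
```

On Linux the same result can be obtained without a file descriptor through the getrandom(2) system call (glibc exposes it via sys/random.h), and arc4random_buf() is available on the BSDs and in glibc 2.36 and later; whichever source is used, the point is that the IV must come from a generator with a full-entropy state, not from random().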