[Bug 2086515] Re: Cryptographically unsafe RNG used for FIT images
Dave Jones
2086515 at bugs.launchpad.net
Tue Feb 11 12:59:11 UTC 2025
** Changed in: u-boot (Ubuntu)
Assignee: (unassigned) => Dave Jones (waveform)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to u-boot in Ubuntu.
https://bugs.launchpad.net/bugs/2086515
Title:
Cryptographically unsafe RNG used for FIT images
Status in u-boot package in Ubuntu:
Confirmed
Bug description:
The mkimage tool uses the random() function for generating the
initialization vector used for AES encryption inside FIT images. As
the PRNG used for the random() function has only 2^31 states this is
cryptographically unsafe. See appended patch.
"The ideal IV is a random or pseudorandom number. It must also be
nonrepeating. Both randomness and nonrepetitiveness are crucial to
prevent attackers from finding patterns in similar parts of the
encrypted message and then using this information to decrypt the
message. The IV need not be secret." [1]
[1] https://www.techtarget.com/whatis/definition/initialization-
vector-IV
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/u-boot/+bug/2086515/+subscriptions
More information about the foundations-bugs
mailing list