Switch System Flaws: Difference between revisions
Line 1,047: | Line 1,047: | ||
| June 11, 2024 | | June 11, 2024 | ||
| [[User:Yellows8|yellows8]] (sysupdate diff) | | [[User:Yellows8|yellows8]] (sysupdate diff) | ||
|- | |||
| [[SSL_services|ssl]] broken RNG | |||
| [[SSL_services|ssl]] uses nn::os::GenerateRandomBytes, but not [[SPL_services|spl]] GenerateRandomBytes. See the RNG entries elsewhere. This is used to seed the NSS global RNG (drbg.c, RNG_GenerateGlobalRandomBytes etc). | |||
If one could somehow determine the data which was returned by nn::os::GenerateRandomBytes during seeding (which is likely difficult), the global RNG would be broken. | |||
With [19.0.0+] nn::os::GenerateRandomBytes usage was replaced with [[SPL_services|spl]] GenerateRandomBytes. | |||
| Breaking [[SSL_services|ssl]] global RNG -> potentially predict RNG data (keys(?)) during TLS comms. | |||
| [[19.0.0]] | |||
| [[19.0.0]] | |||
| December 14, 2021 | |||
| October 8, 2024 | |||
| [[User:Yellows8|yellows8]] | |||
|} | |} | ||
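Review bot: In the description cell of the added ssl row, "See the RNG entries elsewhere" does not say which entries are meant; link the specific rows or section so the basis for calling this RNG broken can be followed from this row. The first sentence of that cell is written in the present tense ("uses nn::os::GenerateRandomBytes") although the last sentence says this usage was replaced with [19.0.0+], so wording it as the behaviour before 19.0.0 would avoid it reading as current. In the impact cell, "keys(?)" leaves the affected material unclear; say in words that key prediction is unconfirmed, or drop the parenthetical.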