I’ve mentioned this in the past, but not sure I did that on my blog yet, so here it goes:
Avoid writing the deep security layers of your software yourself, as it is hard, even for seasoned security software developers.
Push as much as you can to well tested external libraries.
See for instance [Wayback/Archive.is] GHSL-2021-1012: Poor random number generation in keypair – CVE-2021-41117 | GitHub Security Lab
Three went wrong, leading to easy to guess RSA security keys:
- The library has an insecure random number fallback path. Ideally the library would require a strong CSPRNG instead of attempting to use a LCG and
Math.random.- The library does not correctly use a strong random number generator when run in NodeJS, even though a strong CSPRNG is available.
- The fallback path has an issue in the implementation where a majority of the seed data is going to effectively be zero.
The most important thing that went wrong was seeding the random number generator, cascading
Via:
- [Archive.is] Juliano Rizzo on Twitter: “”The impact is that each byte in the RNG seed has a 97% chance of being 0 due to incorrect conversion. When it is not, the bytes are 0 through 9.”… “
- [Archive.is] GitHub Security Lab on Twitter: “GHSL-2021-1012: Poor random number generation in keypair – CVE-2021-41117 – …”
–jeroen
The Wiert Corner - irregular stream of stuff 