[FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fall back to av_get_random_seed() when generating AES128 key
Michael Niedermayer
michael at niedermayer.cc
Tue Jul 4 02:50:57 EEST 2023
On Mon, Jul 03, 2023 at 11:09:54PM +0200, Anton Khirnov wrote:
> Quoting Marton Balint (2023-07-03 22:54:41)
> > On Mon, 3 Jul 2023, Anton Khirnov wrote:
> > My patch use av_get_random_seed() which uses what the underlying OS
> > provides, BCrypt for Windows, /dev/urandom for Linux, arc4random() for
> > BSD/Mac.
>
> IOW it's a jungle of various paths, some of which are not guaranteed to
> be cryptographically secure. I see no such guarantees for arc4random()
> from a brief web search, and the fallback get_generic_seed() certainly
> is not either. Granted it's only used on obscure architectures, but
> still.
>
> The doxy even says
> > This function tries to provide a good seed at a best effort bases.
>
> > You really think that these are significantly worse than
> > OpenSSL/GCrypt, so it should not be allowed to fallback to?
>
> I think we should be using cryptographically secure PRNG for generating
> encryption keys, or fail when they are not available. If you want to get
> rid of the openssl dependency, IMO the best solution is a new
> int av_random(uint8_t* buf, size_t len);
> that guarantees either cryptographically secure randomness or an error.
"guarantees cryptographically secure randomness" ?
If one defined "cryptographically secure" as "not broken publically as of today"
Iam saying that as i think "guarantees" can be misleading in what it means
thx
[...]
--
Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB
The day soldiers stop bringing you their problems is the day you have stopped
leading them. They have either lost confidence that you can help or concluded
you do not care. Either case is a failure of leadership. - Colin Powell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20230704/76a915d5/attachment.sig>
More information about the ffmpeg-devel
mailing list