Title: Cryptographic API Misuse Vulnerability: Do not use insecure pseudo random number generator(PRNG) in a security context · Issue #20 · HarryR/solcrypto · GitHub
Open Graph Title: Cryptographic API Misuse Vulnerability: Do not use insecure pseudo random number generator(PRNG) in a security context · Issue #20 · HarryR/solcrypto
X Title: Cryptographic API Misuse Vulnerability: Do not use insecure pseudo random number generator(PRNG) in a security context · Issue #20 · HarryR/solcrypto
Description: Hello! First and foremost, I would like to express my sincere gratitude for your contributions to this project. Description: I have identified a security vulnerability in solcrypto project's about insecure PNRG. PRNGs are used to generat...
Open Graph Description: Hello! First and foremost, I would like to express my sincere gratitude for your contributions to this project. Description: I have identified a security vulnerability in solcrypto project's about ...
X Description: Hello! First and foremost, I would like to express my sincere gratitude for your contributions to this project. Description: I have identified a security vulnerability in solcrypto project's ab...
Opengraph URL: https://github.com/HarryR/solcrypto/issues/20
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"Cryptographic API Misuse Vulnerability: Do not use insecure pseudo random number generator(PRNG) in a security context","articleBody":"Hello!\r\nFirst and foremost, I would like to express my sincere gratitude for your contributions to this project.\r\n\r\n\r\n## Description:\r\nI have identified a security vulnerability in [solcrypto](https://github.com/HarryR/solcrypto) project's about insecure PNRG.\r\n\r\nPRNGs are used to generate random numbers that are unpredictable and uniformly distributed. However, some PRNGs are not truly random and can be predicted or reproduced, which can compromise the security of cryptographic applications that rely on them, such as key derivation, encryption, or digital signatures. Examples of insecure PRNGs are `random.randbytes`, or `random.randint`. These PRNGs should not be used in a security context and replaced by more secure ones, such as `secrets.token_bytes`, or `os.urandom`. It corresponds to CWE-338: Use of Cryptographically Weak PRNG.\r\n\r\n## Locations:\r\nhttps://github.com/HarryR/solcrypto/blob/3c59250005e76bae7de73b753d7406eee15b8e6e/pysolcrypto/polyhash.py#L56\r\nhttps://github.com/HarryR/solcrypto/blob/3c59250005e76bae7de73b753d7406eee15b8e6e/pysolcrypto/polyhash.py#L57\r\n\r\n## References:\r\n[CWE-338: Use of Cryptographically Weak PRNG.](https://cwe.mitre.org/data/definitions/338.html)\r\n\r\n## Recommendations:\r\nRandom IV Generation: Implement a secure random salt generator , such as `secrets` library.\r\n\r\nImmediate attention to this issue is recommended to maintain the privacy and security of solcrypto users.\r\n\r\n","author":{"url":"https://github.com/gxx777","@type":"Person","name":"gxx777"},"datePublished":"2024-01-04T08:50:07.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/20/solcrypto/issues/20"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:4a158f39-8b19-f330-89fd-47824f0882d4 |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | EC4E:22EDEC:5AAE9C:800586:6A4BCBF5 |
| html-safe-nonce | 3cfb3017aed0ce6351c653f99fd14e63cedb98015556ad9d09944894dc0e4990 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJFQzRFOjIyRURFQzo1QUFFOUM6ODAwNTg2OjZBNEJDQkY1IiwidmlzaXRvcl9pZCI6IjE5NjE1ODIwMDMzMzAyMDY3MDkiLCJyZWdpb25fZWRnZSI6ImlhZCIsInJlZ2lvbl9yZW5kZXIiOiJpYWQifQ== |
| visitor-hmac | aaa613b6946616b3bf395aa9d763f053f4afd1b75bc9f3a6c96379c52a863d30 |
| hovercard-subject-tag | issue:2065246710 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/HarryR/solcrypto/20/issue_layout |
| twitter:image | https://opengraph.githubassets.com/f7468939b1bf0271f68de2ff720303e66ef039ee34dd0690dd0c6681eb993392/HarryR/solcrypto/issues/20 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/f7468939b1bf0271f68de2ff720303e66ef039ee34dd0690dd0c6681eb993392/HarryR/solcrypto/issues/20 |
| og:image:alt | Hello! First and foremost, I would like to express my sincere gratitude for your contributions to this project. Description: I have identified a security vulnerability in solcrypto project's about ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | gxx777 |
| hostname | github.com |
| expected-hostname | github.com |
| None | 14aa00ce5bdb34d0eefb5facbffd7de9e144c688d8a93ef8df902d5f94b51dd7 |
| turbo-cache-control | no-preview |
| go-import | github.com/HarryR/solcrypto git https://github.com/HarryR/solcrypto.git |
| octolytics-dimension-user_id | 303926 |
| octolytics-dimension-user_login | HarryR |
| octolytics-dimension-repository_id | 115904173 |
| octolytics-dimension-repository_nwo | HarryR/solcrypto |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 115904173 |
| octolytics-dimension-repository_network_root_nwo | HarryR/solcrypto |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 58b8f89190447502561829f30862aa0a99d53367 |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width