weak random numbers used for IV encryption
Bug #1255300 reported by
George Ormond Lorch III
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Percona XtraBackup moved to https://jira.percona.com/projects/PXB |
Fix Released
|
Medium
|
George Ormond Lorch III | ||
2.1 |
Fix Released
|
Medium
|
George Ormond Lorch III | ||
2.2 |
Fix Released
|
Medium
|
George Ormond Lorch III |
Bug Description
http://
While researching asymmetric encryption it was discovered that libgcrypt has built in randomization functions that should be used for setting the IV. This security alert confirms that stronger randomization is needed.
Related branches
lp:~gl-az/percona-xtrabackup/bug1255300-2.1
- Alexey Kopytov (community): Approve
-
Diff: 67 lines (+1/-23)4 files modifiedsrc/ds_encrypt.c (+0/-2)
src/xbcrypt.c (+0/-2)
src/xbcrypt.h (+0/-2)
src/xbcrypt_common.c (+1/-17)
lp:~gl-az/percona-xtrabackup/bug1255300-2.2
- Alexey Kopytov (community): Approve
-
Diff: 67 lines (+1/-23)4 files modifiedstorage/innobase/xtrabackup/src/ds_encrypt.c (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt.c (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt.h (+0/-2)
storage/innobase/xtrabackup/src/xbcrypt_common.c (+1/-17)
To post a comment you must log in.
Percona now uses JIRA for bug reports so this bug report is migrated to: https:/ /jira.percona. com/browse/ PXB-677