weak random numbers used for IV encryption

Bug #1255300 reported by George Ormond Lorch III on 2013-11-26
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Percona XtraBackup
Medium
George Ormond Lorch III
2.1
Medium
George Ormond Lorch III
2.2
Medium
George Ormond Lorch III

Bug Description

http://www.openwall.com/lists/oss-security/2013/11/26/13

While researching asymmetric encryption it was discovered that libgcrypt has built in randomization functions that should be used for setting the IV. This security alert confirms that stronger randomization is needed.

Related branches

lp:~gl-az/percona-xtrabackup/bug1255300-2.1
Alexey Kopytov (community): Approve on 2013-11-28
lp:~gl-az/percona-xtrabackup/bug1255300-2.2
Alexey Kopytov (community): Approve on 2013-11-28
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers