Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse

Problem: Trying to create a new encrypted message with the same cocoon object generates the same ciphertext. It mostly affects MiniCocoon and Cocoon objects with custom seeds and RNGs where StdRng is used under the hood. Note: The issue does NOT affect objects created with Cocoon::new which...

GHSA-M9M5-CG5H-R582 Improper random number generation in nanorand

In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...

Incorrect check on buffer length when seeding RNGs

Summary: randcore::le::readu32into and readu64into have incorrect checks on the source buffer length, allowing the destination buffer to be under-filled. Implications: some downstream RNGs, including Hc128Rng but not the more widely used ChaChaRng, allow seeding using the SeedableRng::fromseed...

nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...

RUSTSEC-2020-0089 nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

In versions of nanorand prior to 0.5.1, RandomGen implementations for standard unsigned integers could fail to properly generate numbers, due to using bit-shifting to truncate a 64-bit number, rather than just an as conversion. This often manifested as RNGs returning nothing but 0, including the...

The Linux CSPRNG Is Now Good!

Oceans of ink and hours on stage have been spent to convince the world that the best random number generator is /dev/urandom, the kernel one. And it is, and its always been. However, an uncomfortable truth was that the Linux CSPRNG really could have been better than it was. Userspace CSPRNGs...

Dennis Fisher and Mike Mimoso Discuss CanSecWest and Pwn2Own

Dennis Fisher and Mike Mimoso talk about the news from the CanSecWest conference, the drama and melodrama at Pwn2Own and the bad year that RNGs have had. Download: digitalunderground148.mp3 Photo via mayanais‘ Flickr photostream, Creative Commons...

/Dev/Random PRNG in Linux Questioned

The sanctity of the dev/random random number generator used in the Linux kernel has been a hot-button issue for more than a month. A petition posted to change.org in September to remove RdRand from dev/random, for example, was met with fury from Linus Torvalds who called the developer who posted ...