summaryrefslogtreecommitdiff
path: root/dc/d5fea889b0ea3e8908e1e57108beb2cecb251f
blob: c378f98a9ca6e0dffa44d68b06a79a927c363f10 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
Return-Path: <jason.davies@gmail.com>
Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org
	[172.17.192.35])
	by mail.linuxfoundation.org (Postfix) with ESMTPS id 1706493C
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 10 Apr 2018 13:32:31 +0000 (UTC)
X-Greylist: whitelisted by SQLgrey-1.7.6
Received: from mail-wr0-f180.google.com (mail-wr0-f180.google.com
	[209.85.128.180])
	by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 52D55636
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 10 Apr 2018 13:32:30 +0000 (UTC)
Received: by mail-wr0-f180.google.com with SMTP id o3so526019wri.2
	for <bitcoin-dev@lists.linuxfoundation.org>;
	Tue, 10 Apr 2018 06:32:30 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc
	:content-transfer-encoding:message-id:references:to;
	bh=ZyHyP/PrjZDl+HoMcj6FPfX7yHxjh+7tCdpzlRnCyoY=;
	b=nRMWPpIzEoHsVXfS5A7gxjI//uzrwsfsZFxIzZwVYe4QHMabB8ZoNMuZxS/hKlxwLZ
	RNSwKf3mHkL2emfIUpq+sFuFcYjiiWEQG+lP5AJWf1q1GkLqE3zz3lJufUFgsAG01u6t
	8/h0yhgcXZwI0EfGW/l9DXd1eZbaATjl3YXBQk3Qu/4Sj/08BGWvoPjn+9Eqt2ZZjJ4a
	47owgk3w+IH9hP99Guge62vxXY59VY7gm8M+nxj2Xe36ieoM0lL9QJK81ZINISEJBq2i
	lZBvhX5jp0WY5dtmix9kVlicAo3vEsQBqhmFBek1l8VXWQa+Ka3j+gGeURuEMaHDnJPH
	HudQ==
X-Gm-Message-State: ALQs6tBm/pcEQqpPYA0gxA7cUsm6y21/nThpYJrc8D20luydH+r4+dTr
	jnrrB6/Aq0Rn4hAjS+k7bTC/4IEU
X-Google-Smtp-Source: AIpwx4+RbDwUJzyphU98jDxvjjUvQWVfHdnvkzTD2HH2WRr3cem4f6MmNCtYrVXkxrN850GAdkuDBA==
X-Received: by 10.223.129.199 with SMTP id 65mr333363wra.159.1523367148915;
	Tue, 10 Apr 2018 06:32:28 -0700 (PDT)
Received: from [192.168.2.215]
	(cpc97578-walt24-2-0-cust101.13-2.cable.virginm.net. [82.1.27.102])
	by smtp.gmail.com with ESMTPSA id
	r200sm2199786wmb.9.2018.04.10.06.32.27
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 10 Apr 2018 06:32:28 -0700 (PDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.3 \(3445.6.18\))
From: Jason Davies <jason@jasondavies.com>
In-Reply-To: <33a9f602-6185-cac5-e457-e5a9af047dbc@gmail.com>
Date: Tue, 10 Apr 2018 14:32:36 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <E0F193EA-9479-4E07-8B91-B77D33FB0CBE@jasondavies.com>
References: <84976adb75bef1dfdb12b98c19811278@national.shitposting.agency>
	<CA+vKqYc3X6ZjVNXs0xgsLGekxPCTcLZj7t2vkyBOV_o=2C2qPA@mail.gmail.com>
	<921edfdb-e0e5-8ce4-55d8-ba4e84ef633f@musalbas.com>
	<010e34a3-f9cf-fba1-5482-de06bc350d64@musalbas.com>
	<69fb5cc4-7b3d-e23d-2b7e-cddcd7b2877b@musalbas.com>
	<333F9973-6092-45B7-A87F-32730D752501@jasondavies.com>
	<33a9f602-6185-cac5-e457-e5a9af047dbc@gmail.com>
To: Aymeric Vitte <vitteaymeric@gmail.com>
X-Mailer: Apple Mail (2.3445.6.18)
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	smtp1.linux-foundation.org
X-Mailman-Approved-At: Tue, 10 Apr 2018 13:36:16 +0000
Cc: Bitcoin Protocol Discussion <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in
 SecureRandom(), numerous cryptocurrency products affected.
X-BeenThere: bitcoin-dev@lists.linuxfoundation.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Bitcoin Protocol Discussion <bitcoin-dev.lists.linuxfoundation.org>
List-Unsubscribe: <https://lists.linuxfoundation.org/mailman/options/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=unsubscribe>
List-Archive: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/>
List-Post: <mailto:bitcoin-dev@lists.linuxfoundation.org>
List-Help: <mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=help>
List-Subscribe: <https://lists.linuxfoundation.org/mailman/listinfo/bitcoin-dev>,
	<mailto:bitcoin-dev-request@lists.linuxfoundation.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2018 13:32:31 -0000

>> Note that even with v1.4, it still does not use high-quality entropy =
for
>> Internet Explorer, because getRandomValues is provided under =
window.msCrypto
>> for that browser.
>
> I don't know for that one, what was the issue?

I simply meant that Internet Explorer implements the Web Cryptography =
API under
window.msCrypto instead of window.crypto.  Thus, unless
msCrypto.getRandomValues is used, high-quality entropy will not have =
been used
by any of these libraries under Internet Explorer.

--
Jason Davies, https://www.jasondavies.com/