[guardian-dev] Fwd: Re: [OTR-users] OTR mentioned in Snowden documents?
Nathan of Guardian
nathan at guardianproject.info
Wed Sep 11 11:01:16 EDT 2013
Anyone have some time to dig into the potential malicious seed in
bouncycastle issue below?
-------- Original Message --------
Subject: Re: [OTR-users] OTR mentioned in Snowden documents?
Date: Wed, 11 Sep 2013 07:47:00 -0700
From: Mike Minor <mike at firstworldproblems.com>
To: Nathan of Guardian <nathan at guardianproject.info>
CC: otr-users at lists.cypherpunks.ca
On Sep 6, 2013, at 10:02 AM, Nathan of Guardian <nathan at guardianproject.info> wrote:
> On 09/06/2013 12:40 PM, Mike Minor wrote:
>> I thought I might poke some discussion as to where the weaknesses might be in an OTR implementation where you are using the currently known best practices (verifying fingerprints, etc.).
> Excellent point, and true that if there were mass MITM on OTR sessions,
> those of us who do verify would notice.
>
> One fear I have had has been around OTR4J (which we use in Gibberbot,
> and others like Jitsi do as well) and our dependency on BouncyCastle
> libraries, and Java, as well for that.
>
> With the recent weakness found in the Android PRNG, I fear there may be
> other "oops" bugs, either intentional or not, somewhere in that stack.
>
> +n
The constant "c49d360886e704936a6678e1139d26b7819f7e90" appears to be a malicious non-random seed for the prime256v1 curve that is found in BouncyCastle. Are you relying on it in your code?
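For anyone digging into this: the constant above is the published SEED for NIST P-256 (prime256v1) from ANSI X9.62 / FIPS 186, and the standard defines a SHA-1 based check that ties the seed to the curve's b coefficient. The script below is an added example (not from this thread, BouncyCastle or OTR4J) that runs that check with the curve constants from FIPS 186; passing it only shows b was derived from the seed, not that the seed itself was chosen honestly.

```python
# Added example: verify that the P-256 seed quoted in the thread
# (c49d360886e704936a6678e1139d26b7819f7e90) derives the curve's
# b coefficient via the ANSI X9.62 / FIPS 186 "verifiably random" rule
#   r * b^2 == a^3 (mod p), with r expanded from SEED by SHA-1.
# Curve constants are the published NIST P-256 parameters.
import hashlib

P256_P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
P256_A = P256_P - 3
P256_B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def derive_r_from_seed(seed: bytes, p: int) -> int:
    """X9.62 A.3.3.1 / FIPS 186-4 A.3.1.1: expand SEED into a t-bit r."""
    t = p.bit_length()            # 256 for P-256
    s = (t - 1) // 160            # extra SHA-1 blocks needed (1 for P-256)
    v = t - 160 * s               # bits taken from the first hash (96)
    g = len(seed) * 8             # seed length in bits (160)
    h0 = int.from_bytes(hashlib.sha1(seed).digest(), "big")
    w0 = h0 & ((1 << v) - 1)      # rightmost v bits of SHA-1(SEED)
    w0 &= ~(1 << (v - 1))         # clear the leftmost bit so that r < p
    z = int.from_bytes(seed, "big")
    r = w0
    for i in range(1, s + 1):
        # SEED_i = (SEED + i) mod 2^g, hashed and appended to r
        zi = ((z + i) % (1 << g)).to_bytes(g // 8, "big")
        r = (r << 160) | int.from_bytes(hashlib.sha1(zi).digest(), "big")
    return r


def seed_matches_curve(seed: bytes, p: int, a: int, b: int) -> bool:
    """True iff r * b^2 == a^3 (mod p); for P-256 a = -3, so a^3 = -27."""
    r = derive_r_from_seed(seed, p)
    return (r * b * b - a * a * a) % p == 0


if __name__ == "__main__":
    print("P-256 seed check:", seed_matches_curve(P256_SEED, P256_P, P256_A, P256_B))
```

The same check, with the library's own p, a, b and seed fed in, tells you whether a given BouncyCastle or OTR4J build carries the standard parameters or something altered.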