Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
 help / color / mirror / Atom feed
From: Michael Niedermayer <michael@niedermayer.cc>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fall back to av_get_random_seed() when generating AES128 key
Date: Tue, 4 Jul 2023 01:50:57 +0200
Message-ID: <20230703235057.GQ1093384@pb2> (raw)
In-Reply-To: <168841859463.9711.12513000520212201640@lain.khirnov.net>


[-- Attachment #1.1: Type: text/plain, Size: 1743 bytes --]

On Mon, Jul 03, 2023 at 11:09:54PM +0200, Anton Khirnov wrote:
> Quoting Marton Balint (2023-07-03 22:54:41)
> > On Mon, 3 Jul 2023, Anton Khirnov wrote:
> > My patch use av_get_random_seed() which uses what the underlying OS 
> > provides, BCrypt for Windows, /dev/urandom for Linux, arc4random() for 
> > BSD/Mac.
> 
> IOW it's a jungle of various paths, some of which are not guaranteed to
> be cryptographically secure. I see no such guarantees for arc4random()
> from a brief web search, and the fallback get_generic_seed() certainly
> is not either. Granted it's only used on obscure architectures, but
> still.
> 
> The doxy even says
> > This function tries to provide a good seed at a best effort bases.
> 
> > You really think that these are significantly worse than
> > OpenSSL/GCrypt, so it should not be allowed to fallback to?
> 
> I think we should be using cryptographically secure PRNG for generating
> encryption keys, or fail when they are not available. If you want to get
> rid of the openssl dependency, IMO the best solution is a new
>   int av_random(uint8_t* buf, size_t len);
> that guarantees either cryptographically secure randomness or an error.

"guarantees cryptographically secure randomness" ?
If one defined "cryptographically secure" as "not broken publically as of today"

Iam saying that as i think "guarantees" can be misleading in what it means

thx

[...]
-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

The day soldiers stop bringing you their problems is the day you have stopped 
leading them. They have either lost confidence that you can help or concluded 
you do not care. Either case is a failure of leadership. - Colin Powell

[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

[-- Attachment #2: Type: text/plain, Size: 251 bytes --]

_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".

  parent reply	other threads:[~2023-07-03 23:51 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-07-02 19:30 Marton Balint
2023-07-02 19:30 ` [FFmpeg-devel] [PATCH 2/2] avformat/hlsenc: remove openssl/gcrypt random key generation Marton Balint
2023-07-03  2:21   ` Steven Liu
2023-07-03  2:20 ` [FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fall back to av_get_random_seed() when generating AES128 key Steven Liu
2023-07-03 19:23   ` Marton Balint
2023-07-03 19:33 ` James Almer
2023-07-03 20:15   ` Anton Khirnov
2023-07-03 20:54     ` Marton Balint
2023-07-03 21:09       ` Anton Khirnov
2023-07-03 21:52         ` Marton Balint
2023-07-04 19:02           ` James Almer
2023-07-04 19:30             ` Marton Balint
2023-07-06 17:01               ` [FFmpeg-devel] [PATCH] avformat/hlsenc: use av_random_bytes() for " Marton Balint
2023-07-14 19:39                 ` Marton Balint
2023-07-03 23:50         ` Michael Niedermayer [this message]
2023-07-04  5:54           ` [FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fall back to av_get_random_seed() when " Anton Khirnov
2023-07-04  9:08             ` Kieran Kunhya
2023-07-04 14:37             ` James Almer
2023-07-04 15:31               ` Anton Khirnov
2023-07-04 23:50             ` Michael Niedermayer
2023-07-05  9:22               ` Anton Khirnov
2023-07-05 22:54                 ` Michael Niedermayer
2023-07-06  7:52                   ` Anton Khirnov
2023-07-06 23:34                     ` Kieran Kunhya
2023-07-07  0:55                     ` Michael Niedermayer
2023-07-07  8:05                       ` Anton Khirnov
2023-07-07 14:42                         ` Michael Niedermayer
2023-07-03 20:20   ` Marton Balint

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230703235057.GQ1093384@pb2 \
    --to=michael@niedermayer.cc \
    --cc=ffmpeg-devel@ffmpeg.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Git Inbox Mirror of the ffmpeg-devel mailing list - see https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://master.gitmailbox.com/ffmpegdev/0 ffmpegdev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 ffmpegdev ffmpegdev/ https://master.gitmailbox.com/ffmpegdev \
		ffmpegdev@gitmailbox.com
	public-inbox-index ffmpegdev

Example config snippet for mirrors.


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git