From: Kieran Kunhya
Date: Tue, 4 Jul 2023 10:08:54 +0100
To: FFmpeg development discussions and patches
Subject: Re: [FFmpeg-devel] [PATCH 1/2] avformat/hlsenc: fall back to av_get_random_seed() when generating AES128 key

On Tue, 4 Jul 2023 at 06:54, Anton Khirnov wrote:

> Quoting Michael Niedermayer (2023-07-04 01:50:57)
> > On Mon, Jul 03, 2023 at 11:09:54PM +0200, Anton Khirnov wrote:
> > > Quoting Marton Balint (2023-07-03 22:54:41)
> > > > On Mon, 3 Jul 2023, Anton Khirnov wrote:
> > > > My patch uses av_get_random_seed() which uses what the underlying OS
> > > > provides, BCrypt for Windows, /dev/urandom for Linux, arc4random() for
> > > > BSD/Mac.
> > >
> > > IOW it's a jungle of various paths, some of which are not guaranteed to
> > > be cryptographically secure. I see no such guarantees for arc4random()
> > > from a brief web search, and the fallback get_generic_seed() certainly
> > > is not either. Granted it's only used on obscure architectures, but
> > > still.
> > >
> > > The doxy even says
> > > > This function tries to provide a good seed at a best effort bases.
> > >
> > > > You really think that these are significantly worse than
> > > > OpenSSL/GCrypt, so it should not be allowed to fallback to?
> > >
> > > I think we should be using cryptographically secure PRNG for generating
> > > encryption keys, or fail when they are not available. If you want to get
> > > rid of the openssl dependency, IMO the best solution is a new
> > > int av_random(uint8_t* buf, size_t len);
> > > that guarantees either cryptographically secure randomness or an error.
> >
> > "guarantees cryptographically secure randomness" ?
> > If one defined "cryptographically secure" as "not broken publicly as of today"
> >
> > I am saying that as I think "guarantees" can be misleading in what it means
>
> I feel your snark is very much misplaced.
>
> I recall way more instances of broken crypto caused by overconfident
> non-experts with an attitude like yours ("those silly crypto libraries,
> broken all the time, how hard can it be really") than by actual
> vulnerabilities in actual crypto libraries.
>
> In fact the highest-profile break I remember (Debian key entropy bug)
> was caused precisely by non-experts fiddling with code they did not
> understand.
>

+1

Kieran
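
The "cryptographically secure randomness or an error" contract proposed in the quoted text for `int av_random(uint8_t* buf, size_t len);`, sketched as an added example; it is not FFmpeg code and not from anyone in the thread. It assumes Linux with glibc's `getrandom()`, and `example_random`, `random_bytes_from`, `entropy_fn`, `os_csprng` and `broken_source` are hypothetical names.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/random.h>   /* getrandom(): Linux, glibc >= 2.25 (assumption) */

/* Hypothetical hook so the failure path can be exercised without a broken OS. */
typedef ssize_t (*entropy_fn)(void *buf, size_t len);

/* Kernel CSPRNG; with flags 0 it blocks until the pool has been seeded. */
static ssize_t os_csprng(void *buf, size_t len) { return getrandom(buf, len, 0); }

/* Constructed stand-in for a platform that offers no secure source. */
static ssize_t broken_source(void *buf, size_t len)
{
    (void)buf; (void)len;
    errno = ENOSYS;
    return -1;
}

/* Returns 0 or a negative errno value. No fallback source is tried; on failure
 * the buffer is wiped so an unchecked caller cannot use a partly random key. */
static int random_bytes_from(entropy_fn src, uint8_t *buf, size_t len)
{
    size_t done = 0;
    if (!buf) return len ? -EINVAL : 0;
    while (done < len) {
        ssize_t n = src(buf + done, len - done);
        if (n < 0 && errno == EINTR)
            continue;               /* interrupted by a signal: retry */
        if (n <= 0) {               /* hard error, or no progress */
            int err = (n < 0 && errno) ? errno : EIO;
            memset(buf, 0, len);
            return -err;
        }
        done += (size_t)n;
    }
    return 0;
}

/* Shape of the av_random() proposed in the thread; this name is hypothetical. */
int example_random(uint8_t *buf, size_t len) { return random_bytes_from(os_csprng, buf, len); }

int main(void)
{
    uint8_t key[16];                /* AES-128 key size */
    printf("os csprng: %d\n", example_random(key, sizeof(key)));
    printf("broken source: %d\n", random_bytes_from(broken_source, key, sizeof(key)));
    return 0;
}
```

A caller generating an HLS AES-128 key under this contract aborts on a negative return and never substitutes a best-effort seed.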