The PC/SC server run by the Smart Card Connector app seems to reuse the same numeric values for PC/SC session or card handles too frequently. Those handles are intended to be random, so while this reuse doesn't present an immediate problem, it may slightly affect security protection or lead to unexpected situations in client applications (in case they aren't handling such situations correctly).
Moreover, it's not even that rare that the same numeric value is exposed as both a session handle and a card handle at the same time. While this is still technically valid, client applications may not be coded carefully enough to handle this situation.
Therefore we need to make sure that the PC/SC handles returned by the Connector app are fully random.
There was a problem that rand() was returning duplicate values, leading
to our PC/SC-Lite NaCl port trying to reuse handles very frequently.
While it's not well understood what's the root cause of the issues with
rand() - it may be either a problem with the NaCl toolchain or in our
PC/SC-Lite NaCl port - this patch fixes this issue by switching away
from using rand()/srand() onto C++11 random number generators. We just
use std::random_device directly for the sake of simplicity, since the
random generation isn't a hot codepath in our app.
This fixes issue #65.
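The approach the commit message describes (drawing handles from std::random_device instead of rand()), as an added example that is not the Connector app's own code. The `HandleAllocator` class, the reserved value 0 and the single in-use set shared by session and card handles are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <random>
#include <stdexcept>
#include <unordered_set>

// Hypothetical allocator: random non-zero 32-bit handles, unique across session
// AND card handles. The in-use set also catches repeats if std::random_device
// is a deterministic PRNG, which the C++ standard permits on some platforms.
class HandleAllocator {
 public:
  std::uint32_t Allocate() {
    for (int attempt = 0; attempt < kMaxAttempts; ++attempt) {
      const std::uint32_t candidate = Draw();
      if (candidate == 0) continue;  // 0 reserved as "no handle" (assumption)
      if (in_use_.insert(candidate).second) return candidate;
    }
    throw std::runtime_error("could not allocate a unique handle");
  }
  // Returns false if the handle was not live (stale value or double release).
  bool Release(std::uint32_t handle) { return in_use_.erase(handle) == 1; }
  bool IsLive(std::uint32_t handle) const { return in_use_.count(handle) != 0; }
  std::size_t LiveCount() const { return in_use_.size(); }

 private:
  static constexpr int kMaxAttempts = 64;
  std::uint32_t Draw() {
    std::uniform_int_distribution<std::uint32_t> dist;  // full 32-bit range
    return dist(device_);
  }
  std::random_device device_;
  std::unordered_set<std::uint32_t> in_use_;
};

// Allocates n handles and reports whether all were non-zero and distinct.
bool AllHandlesDistinct(HandleAllocator& alloc, std::size_t n) {
  std::unordered_set<std::uint32_t> seen;
  for (std::size_t i = 0; i < n; ++i) {
    const std::uint32_t h = alloc.Allocate();
    if (h == 0 || !seen.insert(h).second) return false;
  }
  return true;
}

int main() {
  HandleAllocator alloc;
  std::cout << "sample handle: " << alloc.Allocate() << "\n";
}
```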