Skip to content

/cryptiles

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

randomDigits() generates biased random digits #34

Closed
hueniverse opened this issue Jun 24, 2018 · 2 comments
Closed

randomDigits() generates biased random digits #34

hueniverse opened this issue Jun 24, 2018 · 2 comments
Assignees
@hueniverse
Labels
bug security
Milestone
4.1.2

Comments

@hueniverse
Copy link
Member

@hueniverse hueniverse commented Jun 24, 2018
edited

Reported by Microsoft Vulnerability Research: MSVR 45977.

The randomDigits() method generates digits that lack a perfect distribution over enough attempts.
@hueniverse hueniverse added this to the 4.1.2 milestone Jun 24, 2018
@hueniverse hueniverse self-assigned this Jun 24, 2018
@ddillard

This comment has been minimized.

Sign in to view
Copy link

@ddillard ddillard commented Jun 25, 2018

Is there going to be a CVE for this issue?
@ddillard

This comment has been minimized.

Sign in to view
Copy link

@ddillard ddillard commented Jul 9, 2018

This issue has been assigned CVE-2018-1000620
@lynxlynxlynx lynxlynxlynx mentioned this issue Sep 11, 2018
Open
@yonjah yonjah mentioned this issue Sep 25, 2018
Closed
This was referenced Oct 8, 2018
Open
Open
Open
@cookiemonster cookiemonster mentioned this issue Oct 13, 2018
Closed
@davidwatkins73 davidwatkins73 mentioned this issue Oct 25, 2018
Closed
@hueniverse hueniverse mentioned this issue Nov 2, 2018
Closed
hueniverse added a commit that referenced this issue Nov 2, 2018
@hueniverse
Backport fix #34. Closes #35
cb6bd64
@PoorPocketsMcNewHold PoorPocketsMcNewHold mentioned this issue Feb 9, 2019
Open
@diestrin diestrin mentioned this issue Feb 24, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hueniverse hueniverse

Labels
bug security
Projects
None yet
Milestone
  4.1.2
2 participants
@hueniverse @ddillard
You can’t perform that action at this time.