-
-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch to cryptographically strong PRNG #102
Comments
Hi @gavv i will send a pr for this, thanks. |
Q: I don't quite understand the original |
@fusuiyi123 Hi, you're welcome.
We generate a random number in range [0; 2^32) and assign it to
If
Then we can use |
Hi @gavv sorry if I ask dumb question. , source_((packet::source_t)core::random(packet::source_t(-1)))
, seqnum_((packet::seqnum_t)core::random(packet::seqnum_t(-1)))
, timestamp_((packet::timestamp_t)core::random(packet::timestamp_t(-1))) { these 3 var are assigned random number. Now we want to replace them with |
You can look at current core::random() implementation (which we should rename to core::fast_random()). I think we need something similar, but using |
hmm I am new to this concept, how to transform bytes |
After this call, The next step is to generate a uniformly-distributed random numbers in range [from; to] based on this. We can use the same technique with a loop, as we do in current To be honest, that's a bit strange question to me. If you feel new to C or C++, I can recommend you a few good books on them. |
thanks I finally understand it.. please recommend me a c++ book:) |
I've sent you an email. |
thanks! I met an issue: though I have |
I saw this is |
Oh, I didn't notice that this is a new function. So you're using an older libuv? Then let's do the following:
|
Later we'll add an optional alternative secure_random() implementation using OpenSSL, so it'll be possible to have a correct implementation even with old libuv. |
Thanks so much, I raised a pr and listed my question over there. |
FYI: 90e5533 (pushed to develop) |
PR is merged. |
Issue: roc-streaming#102
Issue: roc-streaming#102
@fusuiyi123 FYI: #364 |
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Issue: roc-streaming#102
Problem
In RTP, the SSRC value and the initial value for seqnums and timestamps should be random.
Here is what RFC 3550 says about seqnums:
These requirements have security reasons. The RFC recommends using a cryptographically strong PRNG (CSPRNG), but currently our PRNG is uniform but not cryptographically strong.
Solution
We already use libuv, which also provides CSPRNG: http://docs.libuv.org/en/v1.x/misc.html#c.uv_random
Here is what we should do:
Rename current PRNG:
roc_core/target_posix/roc_core/random.h|cpp
toroc_core/target_posix/roc_core/fast_random.h|cpp
andcore::random()
tocore::fast_random()
.Add
roc_core/target_libuv/roc_core/secure_random.h|cpp
withcore::secure_random()
. Implement is using synchronous version ofuv_random()
(setloop
,req
, andcb
to NULL).Use
secure_random()
instead offast_random()
inaudio::Packetizer
andfec::Writer
.The text was updated successfully, but these errors were encountered: