
This queue is for tickets about the Crypt-DSA CPAN distribution.

Report information
The Basics
Id: 71421
Status: open
Priority: 0/
Queue: Crypt-DSA

Owner: Nobody in particular
Requestors: H.LiebermanBerg [...]

Bug Information
Severity: Critical
Broken in: 1.17
Fixed in: (no value)

Subject: Systems without /dev/random may leak secret key
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand(), about which the perldoc says "rand() is not cryptographically secure. You should not rely on it in security-sensitive situations." In the case of DSA, this is even worse. Using improperly secure randomness sources can compromise the signing key upon signature of a message.

See:

I will provide a patch to disable this fallback. Bug 21968 should be closed as INVALID.

Sincerely,
Harlan Lieberman-Berg
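Why this is rated Critical, as an added illustration that is not part of the ticket or of Crypt::DSA: a toy DSA over constructed tiny parameters (p = 607, q = 101) showing that if the per-signature nonce k is predictable, which is what a rand()-based fallback risks, or is repeated across two messages, the private key x falls out of ordinary signatures. All values below are made up for the demonstration.

```python
# Toy DSA with constructed parameters; q divides p-1 (607 = 6*101 + 1).
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)   # generator of the order-q subgroup
assert G != 1


def inv(a: int) -> int:
    """Modular inverse mod q (Python 3.8+)."""
    return pow(a, -1, Q)


def sign(x: int, k: int, hm: int) -> tuple[int, int]:
    """DSA signature (r, s) of hash value hm under private key x with nonce k."""
    r = pow(G, k, P) % Q
    s = (inv(k) * (hm + x * r)) % Q
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, choose another k")
    return r, s


def verify(y: int, hm: int, r: int, s: int) -> bool:
    """Standard DSA verification with public key y = g^x mod p."""
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = inv(s)
    u1, u2 = (hm * w) % Q, (r * w) % Q
    return ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q == r


def key_from_known_nonce(hm: int, r: int, s: int, k: int) -> int:
    """A predictable k (e.g. from rand()) gives x from a single signature."""
    return ((s * k - hm) * inv(r)) % Q


def key_from_repeated_nonce(hm1, sig1, hm2, sig2) -> int:
    """Two signatures sharing k: k cancels out of s1 - s2, then x follows."""
    (r1, s1), (_, s2) = sig1, sig2
    k = ((hm1 - hm2) * inv(s1 - s2)) % Q
    return key_from_known_nonce(hm1, r1, s1, k)


def demo() -> tuple[int, int]:
    """Constructed key x=58 and nonce k=23 reused for two hash values."""
    x, k, hm1, hm2 = 58, 23, 88, 14
    y = pow(G, x, P)
    sig1, sig2 = sign(x, k, hm1), sign(x, k, hm2)
    assert verify(y, hm1, *sig1) and verify(y, hm2, *sig2)
    return (key_from_known_nonce(hm1, *sig1, k),
            key_from_repeated_nonce(hm1, sig1, hm2, sig2))
```

Both recovery paths return the private key 58, which is why a per-signature nonce drawn from rand() is a key-disclosure bug rather than a mere quality issue.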
From: H.LiebermanBerg [...]
Patch is attached.

Best,
-Harlan
Subject: remove-fallback.patch
Description: Remove the ability to fall back to Data::Random Forwarded: yes Bug: Author: Harlan Lieberman-Berg <> --- a/lib/Crypt/DSA/ +++ b/lib/Crypt/DSA/ @@ -64,11 +64,8 @@ } close $fh; } - elsif ( require Data::Random ) { - $r .= Data::Random::rand_chars( set=>'numeric' ) for 1..$bytes; - } else { - croak "makerandom requires /dev/random or Data::Random"; + croak "makerandom requires /dev/random"; } my $down = $size - 1; $r = unpack 'H*', pack 'B*', '0' x ( $size % 8 ? 8 - $size % 8 : 0 ) .
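Review bot: dropping the whole `elsif ( require Data::Random )` branch is the right shape, since `require` dies when the module is absent rather than returning false, so the old croak mentioning Data::Random could never be reached and the fallback was taken on every system lacking /dev/random; two things still need attention before the patch is forwarded: the header leaves `Bug:` empty and `Author: Harlan Lieberman-Berg <>` without an address, so fill in the ticket reference and e-mail, and the new hard requirement on /dev/random (now the only path, with the croak "makerandom requires /dev/random") should be stated in the module's POD so users on systems without it understand why signing fails.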
From: paul [...]
This issue has been assigned CVE reference CVE-2011-3599
I bumped Adam about getting a release out on this CVE.
