Popular Content

Showing content with the highest reputation on 10/25/20 in all areas

  1. You are right. The code I posted in this thread is indeed useless. You can't trust RDRAND to return some random values. It was a bad idea. It is never used as the only source of entropy in mORMot, just as part of a lot of entropy gathering. Here is the documentation of mORMot about the initialization of our cryptographic AES-based PRNG:
/// retrieve some entropy bytes from the Operating System
// - entropy comes from CryptGenRandom API on Windows, and /dev/urandom or
// /dev/random on Linux/POSIX
// - this system-supplied entropy is then XORed with the output of a SHA-3
// cryptographic SHAKE-256 generator in XOF mode, of several entropy sources
// (timestamp, thread and system information, SynCommons.Random32 function)
// unless SystemOnly is TRUE
// - depending on the system, entropy may not be true randomness: if you need
// some truly random values, use TAESPRNG.Main.FillRandom() or TAESPRNG.Fill()
// methods, NOT this class function (which will be much slower, BTW)
class function GetEntropy(Len: integer; SystemOnly: boolean=false): RawByteString; virtual;
https://github.com/synopse/mORMot/blob/ecc375adc96e5b78d63dd58a88418874a0f622d8/SynCrypto.pas#L1114
And about RDRAND: when mORMot checks the CPUID, it also runs RDRAND, and if it fails to return random values, it unsets its internal flag, and it will never be used, not even as entropy. It is even worse on AMD, which can have CF=1 but always return 0 or -1 !!! So in practice, mORMot seems to follow your wise suggestions. My answer in this thread, and my RDRAND use, was confusing, for sure. 🙂
  2. Hi, I have been developing a server for automating WhatsApp tasks (sending messages / receiving messages). Here is the feature list: sending messages to numbers whether or not they are in the contact list; tracking sent message status (sent/delivered/viewed/error); sending text or image/video/document messages; inbound message notification; no template required; no sending fee. Here is the demo video: https://1drv.ms/v/s!AttbCTDGUJ-LgY07PJaTqzDZ88fU3Q?e=jyMVX1 If anyone would like to buy the source code, please send me a message. I will send the demo application! Sincerely
  3. I have been using WordPress for this blog for several years and always thought my setup was reasonably secure. Turns out that there is something called the WordPress REST API which allows getting quite a lot of information about the installation without any security at all. Read on in the blog post.
  4. Anyone know how to detect a specific update version in compiler defines? I'm already doing {$IF CompilerVersion >= 25.0} but I need to detect compiling under 10.2.2 vs 10.2.3 etc.
  5. Unfortunately, I'm not in a position to discuss your internal design for the great mORMot library. So literally I'm just going to speak theoretically. You used a DRNG instead of a PRNG (LCG or whatever) - because you wanted a true RNG - to initialize an entropy source (ES), right? What I'm seeing here is that your implementation breaks two fundamental rules of RNG: uniform distribution and unpredictable sequence! How? By counting 0 as a TRN. This technically makes your ES vulnerable to a backdoor!
- An attacker may predict 0 just because he knows that when RDRAND fails, it returns 0.
- What if he knows how to make RDRAND fail? Now your ES is filled with zeros!
Intel didn't describe all the circumstances that may lead to a failure. All we know for now is that a failure is expected if an RN is not available or didn't pass the self-test? In fact many people questioned Intel's intentions when it put some pressure on the Linux kernel to use RDRAND/RDSEED ... Eventually many concluded that a 3rd party (NSA?) was involved and may predict/influence the output !!! Just google for the reason why the Linux kernel ripped out RDRAND/RDSEED. If you permit me, I'd like to give some suggestions:
- Change the implementation by checking CF and making 10 attempts when CF=0. I believe this will cost nothing compared to the additional security you get. BTW, that's what Intel recommends:
- Add another (optional) way to initialize the ES, e.g. CSPRNG, OS random data.
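Combining the two posts above (the entropy gathering described for mORMot in post 1 and the CF-retry suggestion in post 5), here is an added Python illustration; it is not mORMot's code and not Pascal, and every name in it is my own. A hardware step is a constructed callback standing in for RDRAND: it is retried on CF=0, self-tested for stuck values, and its output is only one input to a SHAKE-256 mix that is XORed with the OS CSPRNG output, never the sole source.

```python
import hashlib, itertools, os, threading, time
from typing import Callable, List, Optional, Tuple
HwStep = Callable[[], Tuple[bool, int]]   # one RDRAND-like step: (carry flag, 64-bit word)
RETRIES = 10                              # retry budget suggested in the thread
STUCK = (0, 0xFFFFFFFFFFFFFFFF)           # words a faulty part may return even with CF=1

def hw_step_with_retry(step: HwStep, retries: int = RETRIES) -> Tuple[bool, int]:
    # Retry on CF=0 instead of treating the 0 of a failed step as random data.
    for _ in range(retries):
        ok, value = step()
        if ok:
            return True, value
    return False, 0

def probe_hw_rng(step: HwStep, samples: int = 8) -> bool:
    # Self-test (once at start-up in practice): all samples succeed, none stuck, not all identical.
    seen = set()
    for _ in range(samples):
        ok, value = hw_step_with_retry(step)
        if not ok or value in STUCK:
            return False
        seen.add(value)
    return len(seen) > 1

def mix_sources(sources: List[bytes], length: int) -> bytes:
    # SHAKE-256 in XOF mode over several weak but independent inputs.
    xof = hashlib.shake_256()
    for s in sources:
        xof.update(len(s).to_bytes(4, "little") + s)   # length-prefix each input
    return xof.digest(length)

def get_entropy(length: int, system_only: bool = False,
                hw: Optional[HwStep] = None) -> bytes:
    system = os.urandom(length)             # OS CSPRNG output is always part of the result
    if system_only:
        return system
    sources = [time.time_ns().to_bytes(8, "little"),
               os.getpid().to_bytes(4, "little"),
               threading.get_ident().to_bytes(8, "little")]
    if hw is not None and probe_hw_rng(hw):  # hardware RNG is one input, never the only one
        ok, value = hw_step_with_retry(hw)
        if ok:
            sources.append(value.to_bytes(8, "little"))
    return bytes(a ^ b for a, b in zip(system, mix_sources(sources, length)))

def fake_hw(outcomes: List[Tuple[bool, int]]) -> HwStep:
    # Constructed simulator for testing only: cycles through (CF, word) pairs.
    cycle = itertools.cycle(outcomes)
    return lambda: next(cycle)
```

A source that always reports CF=1 but returns 0 or -1, or the same word every time, is rejected by probe_hw_rng and the mix proceeds without it.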
  6. It is secure. I said to convert it to a "bad ass one"; it still has weak points, two to be exact, both hard to perform an attack against, but they are still valid.
1) Backtracking, or called lack of forward security (it has been named many things): this is about whether, if the current state has been compromised or disclosed, you can read the past state. With simple AES-CTR, yes you can.
2) Future prediction: this is valid if the current state has been compromised, again for the current state; then CTR mode will make life easier to predict or test against the next state. This is a valid collision attack, and using CTR will give the attacker a shorter method to test the key (although it is not a key) for the current state and the next one; this is one example.
Leave that pdf alone, it is very hard to process; the math there is complicated, but figure 4 is brilliant to show the prediction path, aka the attacked leakage path. So, in a very simple and naive way to explain it, draw a horizontal line in the middle of that finite group, and you will see that these paths have lost their values, as they become too short and insufficient to build on. Again, this is a very simple way to explain it. And at page 8 the author suggested using two initialization vectors instead of one (IV0 and IV1) for the same reason, and that is an interesting way to secure the initialization from the seed. Now, when I suggested cutting in half, the other half, which can't be used to build paths on, will be used in the next state, meaning the same uniform ratio of noise will be mixed in parallel (not in the threading sense), but for a side attack it will be seen as the same noise from two parts with no way to distinguish the source. I would suggest that you have a look at "NIST SP 800-90A" https://csrc.nist.gov/publications/detail/sp/800-90a/rev-1/final and especially that part referring to "8.8 Prediction Resistance and Backtracking Resistance", page 23, which has a nice explanation, better than I can ever write in English.
And another paper, which is a very valuable one, as it targets developers more than mathematicians; it also compares its proposed algorithm against a few other PRNGs and CPRNGs, a rare and hard to find comparison, yet it is a little bit biased, but the author has his rights. https://www.researchgate.net/publication/328091514_Randen_-_fast_backtracking-resistant_random_generator_with_AESFeistelReverie Take notice of the benchmark and how PCG performs against the proposed algorithm "Randen"; at the end of the paper there is the algorithm, and there is also this: https://github.com/google/randen Hope you like that and find it helpful in answering your points.
ps: It might, but on the other hand it is still in the range of a predictable addition value; I would prefer to use published, vetted and peer reviewed papers to build on. And the point is going around the following: if an attack is possible to perform with 1 addition, adding two might be harder, but then again adding 3 is better and 4 even better; where to stop? Let's jump to the best value to add: it is half of a block, that wasn't disclosed!
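An added Python sketch of the backtracking point in the post above; it is not the poster's code and not Randen or mORMot. A plain counter-mode generator lets whoever holds the current (key, counter) recompute earlier blocks, whereas a generator that ratchets its key after every output does not; keyed SHAKE-256 stands in for the AES block function so the example runs with the standard library only, and the seed is constructed.

```python
import hashlib
from typing import Tuple

def prf(key: bytes, data: bytes, length: int = 16) -> bytes:
    # Keyed SHAKE-256 stands in for the AES block function (standard library only).
    return hashlib.shake_256(key + data).digest(length)

class CtrGenerator:
    # Plain counter mode: the key never changes, so whoever holds the current
    # (key, counter) can recompute every earlier block (no backtracking resistance).
    def __init__(self, key: bytes) -> None:
        self.key, self.counter = key, 0
    def next_block(self) -> bytes:
        out = prf(self.key, self.counter.to_bytes(16, "big"))
        self.counter += 1
        return out
    def state(self) -> Tuple[bytes, int]:
        return self.key, self.counter

class RatchetGenerator:
    # After every output the key is replaced by a one-way function of itself, so a
    # compromised current key reveals neither earlier keys nor earlier blocks; this is
    # the role of the update step in SP 800-90A's CTR_DRBG.
    def __init__(self, key: bytes) -> None:
        self.key = key
    def next_block(self) -> bytes:
        out = prf(self.key, b"output")
        self.key = prf(self.key, b"ratchet", 32)   # the old key no longer exists anywhere
        return out
    def state(self) -> bytes:
        return self.key

def backtrack_ctr(key: bytes, counter: int, steps_back: int) -> bytes:
    # What a captured CTR state allows: recompute the block produced steps_back ago.
    return prf(key, (counter - steps_back).to_bytes(16, "big"))

def demo() -> Tuple[bool, bool]:
    seed = bytes(range(32))                 # constructed seed for the demonstration
    ctr = CtrGenerator(seed)
    first_ctr, _ = ctr.next_block(), ctr.next_block()
    key, counter = ctr.state()
    ctr_leaks = backtrack_ctr(key, counter, 2) == first_ctr   # True: the past is recoverable
    rat = RatchetGenerator(seed)
    first_rat, _ = rat.next_block(), rat.next_block()
    clone = RatchetGenerator(rat.state())   # attacker starts from the compromised key
    rat_leaks = clone.next_block() == first_rat               # False: only future blocks follow
    return ctr_leaks, rat_leaks
```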
  7. I don't see how enabling basic authentication would make the web site more secure. The password is sent in plain text in the headers, just base-64 encoded, so there is no benefit. If just adding a password would make something more secure... it would have been used everywhere. The best security advice, which is not in your blog post, is to keep your WP installation up to date, with all the security fixes.
  8. Guess what? The new GExperts release is here. There are lots of bug fixes and a few new features in the new version. https://blog.dummzeuch.de/2020/10/23/gexperts-1-3-17-experimental-twm-2020-10-23-released/
  9. David Heffernan
    You don't need to call Release in Delphi code. The compiler manages that for you.
  10. Kas Ob.
    It is documented, from https://docs.microsoft.com/en-us/windows/win32/api/propsys/nn-propsys-ipropertystore and from https://docs.microsoft.com/en-us/windows/win32/api/unknwn/nn-unknwn-iunknown: IPropertyStore should be released on its own like any interface; you just need to refactor the code between CoInitialize and CoUninitialize into a new function, to make sure that local variables ("Store: IPropertyStore") in the new function are released before calling CoUninitialize. That is the safe and sure way to clean up COM in Delphi.
  11. Most of them. You're scaling a 31-bit integer value in the approximate range 0..X-1 to the range 0..2^64-1. A lot of things weren't mentioned. For example, here's my solution which satisfies all the criteria that were mentioned: The result is 64-bit unsigned. It's cross platform. It compiles with FPC. It's random (for a large enough sample size). And as a bonus, it's super fast.
function SuperRandom: UInt64;
begin
  Result := 1;
end;
(sorry - it's Friday)