From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp1.linuxfoundation.org (smtp1.linux-foundation.org [172.17.192.35]) by mail.linuxfoundation.org (Postfix) with ESMTPS id 24101DDF for ; Tue, 10 Apr 2018 13:50:29 +0000 (UTC) X-Greylist: whitelisted by SQLgrey-1.7.6 Received: from mail-wr0-f181.google.com (mail-wr0-f181.google.com [209.85.128.181]) by smtp1.linuxfoundation.org (Postfix) with ESMTPS id 6744462A for ; Tue, 10 Apr 2018 13:50:28 +0000 (UTC) Received: by mail-wr0-f181.google.com with SMTP id y55so12903734wry.3 for ; Tue, 10 Apr 2018 06:50:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:openpgp:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=Tv/TysL0FLOmltqQu1qX7pR5JWMORyXMamhu9CULEN8=; b=G3s6mDsf02GK3B5ovvF+gs1jLLYonQ4N090wireVHLdQKSoDhqc2e/TKc2P5F/f3Qu +5DKjc+coBLg4oVO3nl00gSym3wWfICAHhz2DxowHVDv6WqSk9nkLKcQFNCVpG/RkcRE i/XXUQm9kEfsrpJBcKn8bG5oZhWmhZpyV6UTMKaPQYD6lOZ6bdLYYjRBvnoSvYbk8AX4 Bzugf4P0LKsVsuB8ahx731YiGIDoJNKNEXK87yUAbP9xiQfa+xEng8gNnnqj3Jp6oky4 mTij/4r79UkrAs0QfODv4L3fCrVzbyoGbF8qdl3XyHfdbsaRTFy1EWehDwZTyUO59+hq Pp4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:openpgp:message-id :date:user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=Tv/TysL0FLOmltqQu1qX7pR5JWMORyXMamhu9CULEN8=; b=AeT3c4pMgdFYJTHgIZBy0vCzUVOA2SSDHehGhOpAh78rwWWCJrW3VbKh8+Caw+1BFU aEQVLUTQNc+RNUikkQRU9OCNV/05wYgLZWaS2d9K3ParwxkVjvQp/BHzEg9azBFp9UXZ VkmPf7LvRp7yOQTE3vCYiV7YeM0H+strBLZx+FmgrXv+uNdhHXUJ0NqboHoZHP5VzePx rAVTMpiNVRwDbteApBgTQWNTbbyjBYdKW7w0LFt2FHbETCtJZCqpA0Rb5Y9kslKfr/gA BFjgY2XpjM6ir9htGhPyvocydTACxe5NSFXD+OoACTPTW5AJBSMP8YKycYAm3mxr8s66 b3Zw== X-Gm-Message-State: ALQs6tDxM6VNO3F6Hmvw3U3jujd03T0JeIwagjllGoLj6JGw41emDPH4 njti/SoNfZ8RjGg/7UaY1MlGxw== X-Google-Smtp-Source: AIpwx4+/9S++aeryZnN/MDylLkNBzNGurkAiidGfL0O7ZtZCp2jsNfTSE5Im25D+BwZUb3Bc4kwe7g== X-Received: by 10.223.164.2 with SMTP id d2mr387996wra.182.1523368226708; Tue, 10 Apr 2018 06:50:26 -0700 (PDT) Received: from ?IPv6:2a01:cb1d:44:6500:9d6d:71b2:cb71:cb17? ([2a01:cb1d:44:6500:9d6d:71b2:cb71:cb17]) by smtp.googlemail.com with ESMTPSA id u138sm1429005wmu.24.2018.04.10.06.50.25 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 10 Apr 2018 06:50:26 -0700 (PDT) To: Jason Davies References: <84976adb75bef1dfdb12b98c19811278@national.shitposting.agency> <921edfdb-e0e5-8ce4-55d8-ba4e84ef633f@musalbas.com> <010e34a3-f9cf-fba1-5482-de06bc350d64@musalbas.com> <69fb5cc4-7b3d-e23d-2b7e-cddcd7b2877b@musalbas.com> <333F9973-6092-45B7-A87F-32730D752501@jasondavies.com> <33a9f602-6185-cac5-e457-e5a9af047dbc@gmail.com> From: Aymeric Vitte Openpgp: preference=signencrypt Message-ID: Date: Tue, 10 Apr 2018 15:50:40 +0200 User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Content-Language: fr X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, FREEMAIL_FROM, RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on smtp1.linux-foundation.org Cc: Bitcoin Protocol Discussion Subject: Re: [bitcoin-dev] KETAMINE: Multiple vulnerabilities in SecureRandom(), numerous cryptocurrency products affected. X-BeenThere: bitcoin-dev@lists.linuxfoundation.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Bitcoin Protocol Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 13:50:29 -0000 Indeed, this impacts jsbn only normally since all others from the time getRandomValues was available are supposed to implement both Le 10/04/2018 à 15:32, Jason Davies a écrit : >>> Note that even with v1.4, it still does not use high-quality entropy for >>> Internet Explorer, because getRandomValues is provided under window.msCrypto >>> for that browser. >> I don't know for that one, what was the issue? > I simply meant that Internet Explorer implements the Web Cryptography API under > window.msCrypto instead of window.crypto. Thus, unless > msCrypto.getRandomValues is used, high-quality entropy will not have been used > by any of these libraries under Internet Explorer. > > -- > Jason Davies, https://www.jasondavies.com/ > -- Bitcoin transactions made simple: https://github.com/Ayms/bitcoin-transactions Zcash wallets made simple: https://github.com/Ayms/zcash-wallets Bitcoin wallets made simple: https://github.com/Ayms/bitcoin-wallets Get the torrent dynamic blocklist: http://peersm.com/getblocklist Check the 10 M passwords list: http://peersm.com/findmyass Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org Peersm : http://www.peersm.com torrent-live: https://github.com/Ayms/torrent-live node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms