yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1368076] Re: [Security-NIST]nova/virt/xenapi/agent.py does not fit the NIST about random

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Thierry Carrez <thierry.carrez+lp@xxxxxxxxx>
Date: Thu, 11 Sep 2014 12:26:05 -0000
Reply-to: Bug 1368076 <1368076@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This feels like an interesting security strengthening, but I'm not sure
there currently is an exploitable vulnerability here, so no need for a
security advisory ?

** Changed in: ossa
       Status: New => Incomplete

** Also affects: nova
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1368076

Title:
  [Security-NIST]nova/virt/xenapi/agent.py does not fit the NIST about
  random

Status in OpenStack Compute (Nova):
  New
Status in OpenStack Security Advisories:
  Incomplete

Bug description:
   def generate_private(self):
          self._private = int(binascii.hexlify(os.urandom(10)), 16)
          return self._private

  The function 'generate_private' is aiming to generate a random key for Diffie Hellman
  encryption. But os.urandom implementes by query /dev/urandom which is unblocking GNG might did fit NIST.

To manage notifications about this bug go to:
https://bugs.launchpad.net/nova/+bug/1368076/+subscriptions

yahoo-eng-team team mailing list archive

[Bug 1368076] Re: ﻿[Security-NIST]nova/virt/xenapi/agent.py does not fit the NIST about random

[Bug 1368076] Re: [Security-NIST]nova/virt/xenapi/agent.py does not fit the NIST about random