Unsafe random bit generation algorithms

December 18, 2013 / Pavankumar 12 Comments

  Security | Adobe ColdFusion 10

The ColdFusion Enterprise installation includes the FIPS-compliant RSA BSAFE JCE crypto provider. The default algorithm this library uses for random number generation is ECDRBG (a variant of Dual Elliptic Curve). RSA has released an advisory about this (ESA-2013-068) that lists the unsafe random bit generation algorithms.

ColdFusion sets the default random number generator algorithm to FIPS186Random (through the JVM argument -Dcoldfusion.jsafe.defaultalgo=<algorithm>), which is completely safe to use. So the good news is that, by default, your ColdFusion 10 installation is secure. Note that the Crypto-J libraries are not available in the Standard installation of ColdFusion.

The ColdFusion 9 family uses BSafe library 3.6, which doesn't make use of ECDRBG-based algorithms. It uses SHA1PRNG as its default random number generation algorithm. There is no impact on ColdFusion 9. The JVM argument -Dcoldfusion.jsafe.defaultalgo is not available in the ColdFusion 9 family.

The following table lists the unsafe random bit generation algorithms.

| Algorithm Identifier | Algorithm |
|---|---|
| ECDRBG | Dual EC DRBG (128 bit) |
| ECDRBG128 | Dual EC DRBG (128 bit, default) |
| ECDRBG192 | Dual EC DRBG (192 bit) |
| ECDRBG256 | Dual EC DRBG (256 bit) |
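
A check for the setting discussed above, as an added example that is not Adobe's or RSA's code: it reads the text of a jvm.config and reports whether -Dcoldfusion.jsafe.defaultalgo names one of the identifiers listed above. The `java.args=` line layout, the rule that a repeated -D overrides an earlier one, case-insensitive matching and the sample files are assumptions.

```python
# Identifiers listed above as unsafe (RSA advisory ESA-2013-068).
UNSAFE_ALGOS = {"ECDRBG", "ECDRBG128", "ECDRBG192", "ECDRBG256"}
FLAG = "-Dcoldfusion.jsafe.defaultalgo="


def effective_algo(jvm_config_text):
    """Return the value of the last -Dcoldfusion.jsafe.defaultalgo in java.args, or None."""
    algo = None
    for raw in jvm_config_text.splitlines():
        line = raw.strip()
        # Skip comments and every setting other than java.args (assumed layout).
        if line.startswith("#") or not line.startswith("java.args"):
            continue
        for token in line.partition("=")[2].split():
            if token.startswith(FLAG):
                algo = token[len(FLAG):]  # assumption: a repeated -D overrides earlier ones
    return algo


def audit(jvm_config_text):
    """Classify a jvm.config as UNSAFE, OK, NOT_LISTED or NOT_SET."""
    algo = effective_algo(jvm_config_text)
    if algo is None:
        return "NOT_SET", None
    name = algo.upper()  # assumption: identifiers compare case-insensitively
    if name in UNSAFE_ALGOS:
        return "UNSAFE", algo
    if name == "FIPS186RANDOM":
        return "OK", algo
    return "NOT_LISTED", algo


# Constructed sample files, not taken from a real installation.
SAMPLE_DEFAULT = """\
java.home=/opt/coldfusion10/jre
java.args=-server -Xms256m -Xmx512m -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dcoldfusion.home={application.home}
"""
SAMPLE_OVERRIDDEN = """\
# java.args=-server -Dcoldfusion.jsafe.defaultalgo=FIPS186Random
java.args=-server -Dcoldfusion.jsafe.defaultalgo=FIPS186Random -Dcoldfusion.jsafe.defaultalgo=ECDRBG256
"""
SAMPLE_MISSING = "java.args=-server -Xms256m -Xmx512m\n"

if __name__ == "__main__":
    samples = {"default": SAMPLE_DEFAULT, "overridden": SAMPLE_OVERRIDDEN, "missing": SAMPLE_MISSING}
    for label, text in samples.items():
        print(label, audit(text))
```

A NOT_SET or NOT_LISTED result is a prompt to confirm which generator the installation actually uses, not a verdict.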

Pete from the CF community has also blogged about this here.


12 comments so far ↓

  • 1 Adam Cameron // Dec 17, 2013 at 2:24 AM
    What are the ramifications of this?

  • 2 Pavankumar // Dec 17, 2013 at 2:56 AM
    NIST has recommended not to use the dual elliptic curve deterministic random bit generation algorithms as they contain a backdoor. With this backdoor one can infer the state of the PRNG by observing a few outputs.

  • 3 Peter Boughton // Dec 17, 2013 at 4:10 AM
    Please confirm:

    1. Does this affect default installs, where the setting has not been modified?

    2. Does this affect CF9, or is it related to CF10 only?

  • 4 Adam Cameron // Dec 17, 2013 at 4:33 AM
    The more I read this blog article, the less I think I understand. I dunno if it's because I'm thick, or it's because the English is very unclear.

    What are you actually trying to say here? Do we need to change our JVM.config args to include this coldfusion.jsafe.defaultalgo=FIPS186random setting?

    I don't want to sound rude, but might it be an idea to get someone who's a bit more comfortable with "International English" to rewrite this? The Indian English approach of omitting articles (ie: "A" and "The") makes it a bit hard to untangle the meaning of text, sometimes. And I don't think it's helping here.

    Forget about all the NIST stuff... just tell us what we need to do, if anything. EG: "if you have this config, you need to change this; if you have this other config, then you don't need to do anything", etc. Also - as Peter alludes to - which versions of CF are impacted, etc, is kinda essential info too.

  • 5 Pete Freitag // Dec 17, 2013 at 10:04 AM
    I know you want to hear answers to your questions from Adobe, but I've written up my research on this issue here: http://www.petefreitag.com/item/827.cfm

    This issue does also apply to CF9 and CF8 since they also include RSA's BSafe libraries (In CF Enterprise), the CF8,9,10 installations I checked already had coldfusion.jsafe.defaultalgo=FIPS186random set, but you should double check your installations.

  • 6 Peter Boughton // Dec 17, 2013 at 10:27 AM
    Thanks Pete - clear, coherent and understandable.

    Hopefully Adobe can learn from your example for next time.

  • 7 Adam Cameron // Dec 17, 2013 at 11:11 AM
    I'd just like to second what Peter says, Peter (err... you know what I mean). *Now* I understand the issue.

    Adobe: I'm sure you can compare the two blog articles, and see what I mean. Maybe you should engage Peter to write your security-oriented blog articles in future.


  • 8 Carl Von Stetten // Dec 17, 2013 at 12:48 PM
    The post also doesn't clarify that this only applies to CF Enterprise. As Pete Freitag points out in his blog post, only CF Enterprise ships with the RSA BSAFE crypto provider.

  • 9 Adam Cameron // Dec 17, 2013 at 2:08 PM
    @Carl: oh right. So one has to question why this article takes pains to deal with Standard, and specifically glosses-over Enterprise.

    TBH, just in case people don't read the comments, I think Adobe should take down this article and replace it with a copy of Pete's.

    This article perhaps does more harm than good, if indeed it has achieved anything at all beyond stirring the community's "WTF" response, and encouraging Pete to release his own article.

  • 10 Adam Cameron // Dec 17, 2013 at 2:11 PM
    Also just found myself wondering... has Shilpi been sacked as "Security Tsar"? I dunno who Pavankumar is, but I would have thought the security boss would be releasing this sort of announcement. And... erm... maybe following-up client questions..?

  • 11 Shilpi Khariwal // Dec 18, 2013 at 5:40 AM
    Thanks for all the inputs Adam! We will look into this. As I will be going on my maternity leave end of this month, Pavan is taking over Security work for now. I am neither "sacked" nor "resigning" as "Security Czar" and I am proud to be Security Czar of ColdFusion. :)

  • 12 Pete Freitag // Dec 18, 2013 at 7:49 AM
    @Shilpi - Congratulations! Didn't know you were expecting, is this your first?

    @Adam / @Carl - I think what Pavan meant by ColdFusion standard installation... is the Default ColdFusion installation, not Standard vs Enterprise.

    Guys - let's not overlook that this is good news, security issue averted by Adobe's defaults.

    I agree it could have been communicated more clearly and with more info. I brought this issue to Adobe last week after doing my research on it, so I had already spent a lot of time looking into this. My blog entry wasn't an attempt to clarify this one, I was nearly finished with it when I found this blog entry.
