Improve entropy security and increase CCM tag length

Chris Clark · geertweening · commit c7ba82232088 · 2015-04-24T15:44:06.000-07:00
diff --git a/src/js/ripple/crypt.js b/src/js/ripple/crypt.js
@@ -12,7 +12,7 @@ var Crypt       = { };
 var cryptConfig = {
   cipher : 'aes',
   mode   : 'ccm',
-  ts     : 64,   // tag length
+  ts     : 128,  // tag length
   ks     : 256,  // key size
   iter   : 1000  // iterations (key derivation)
 };
@@ -60,12 +60,9 @@ function keyHash(key, token) {
  * add entropy at each call to get random words
  * @param {number} nWords
  */
-function randomWords (nWords) {
-  for (var i = 0; i < 8; i++) {
-    sjcl.random.addEntropy(Math.random(), 32, "Math.random()");
-  }  
-  
-  return sjcl.random.randomWords(nWords);  
+function randomWords(nWords) {
+  var PARANOIA_256_BITS = 6; // sjcl constant for ensuring 256 bits of entropy
+  return sjcl.random.randomWords(nWords, PARANOIA_256_BITS);
 }
 
 /****** exposed functions ******/
@@ -113,9 +110,10 @@ Crypt.derive = function(opts, purpose, username, secret, fn) {
   }
 
   var iRandom;
+  var PARANOIA_256_BITS = 6; // sjcl constant for ensuring 256 bits of entropy
 
   for (;;) {
-    iRandom = sjcl.bn.random(iModulus, 0);
+    iRandom = sjcl.bn.random(iModulus, PARANOIA_256_BITS);
     if (iRandom.jacobi(iModulus) === 1) {
       break;
     }
diff --git a/src/js/ripple/message.js b/src/js/ripple/message.js
@@ -67,7 +67,9 @@ Message.signHash = function(hash, secret_key, account) {
     secret_key = Seed.from_json(secret_key).get_key(account)._secret;
   }
 
-  var signature_bits = secret_key.signWithRecoverablePublicKey(hash);
+  var PARANOIA_256_BITS = 6; // sjcl constant for ensuring 256 bits of entropy
+  var signature_bits = secret_key.signWithRecoverablePublicKey(hash,
+    PARANOIA_256_BITS);
   var signature_base64 = sjcl.codec.base64.fromBits(signature_bits);
 
   return signature_base64;
diff --git a/src/js/ripple/remote.js b/src/js/ripple/remote.js
@@ -1760,19 +1760,7 @@ Remote.prototype._serverPrepareSubscribe = function(server, callback) {
   function serverSubscribed(message) {
     self._stand_alone = !!message.stand_alone;
     self._testnet = !!message.testnet;
-
-    if (typeof message.random === 'string') {
-      var rand = message.random.match(/[0-9A-F]{8}/ig);
-
-      while (rand && rand.length) {
-        sjcl.random.addEntropy(parseInt(rand.pop(), 16));
-      }
-
-      self.emit('random', utils.hexToArray(message.random));
-    }
-
     self._handleLedgerClosed(message, server);
-
     self.emit('subscribed');
   }
 

Original file line number	Diff line number	Diff line change
`@@ -67,7 +67,9 @@ Message.signHash = function(hash, secret_key, account) {`
`67`	`67`	`secret_key = Seed.from_json(secret_key).get_key(account)._secret;`
`68`	`68`	`}`
`69`	`69`
`70`		`- var signature_bits = secret_key.signWithRecoverablePublicKey(hash);`
	`70`	`+ var PARANOIA_256_BITS = 6; // sjcl constant for ensuring 256 bits of entropy`
	`71`	`+ var signature_bits = secret_key.signWithRecoverablePublicKey(hash,`
	`72`	`+ PARANOIA_256_BITS);`
`71`	`73`	`var signature_base64 = sjcl.codec.base64.fromBits(signature_bits);`
`72`	`74`
`73`	`75`	`return signature_base64;`