Vigil@nce - Bouncy Castle: vulnerability of CTR DRBG
March 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can predict randoms generated by the CTR DRBG of
Bouncy Castle.
Impacted products: Bouncy Castle JCE
Severity: 2/4
Creation date: 02/03/2015
DESCRIPTION OF THE VULNERABILITY
The Bouncy Castle library implements a DRBG (Deterministic Random
Bit Generator) using a counter (CTR).
A vulnerability in CTR DRBG of Bouncy Castle was announced.
Technical details are unknown.
An attacker can therefore predict randoms generated by the CTR
DRBG of Bouncy Castle.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Bouncy-Castle-vulnerability-of-CTR-DRBG-16289