RavenDB Security Report: Collision in Certificate Serial Numbers

added by DotNetKicks
4/6/2018 2:12:44 PM

1 Kicks, 199 Views

Where the random is a cryptographically secured random number generator. The problem here is that this BigInteger constructor uses bits length, not bytes length. And that resulted in a security "fix" that actually much worse than the previous situation (you only need a bit over a thousand tries to generate a collision).