Nixpkgs security tracker
NIXPKGS-2026-1718
GitHub issue
published 2 weeks, 4 days ago
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available
Crypt::ScryptKDF versions through 0.010 for Perl uses insecure random number source when no CSPRNG module is available. The random_bytes function fell back to using the built-in rand() function when none of the Perl modules Crypt::PRNG, Crypt::OpenSSL::Random, Net::SSLeay, Crypt::Random, or Bytes::Random::Secure were available.
References
Affected products
Crypt-ScryptKDF
- =<0.010
Matching in nixpkgs
pkgs.perlPackages.CryptScryptKDF
Scrypt password based key derivation function
pkgs.perl5Packages.CryptScryptKDF
Scrypt password based key derivation function
pkgs.perl538Packages.CryptScryptKDF
None
pkgs.perl540Packages.CryptScryptKDF
None
Package maintainers
-
@stigtsp Stig Palmquist <stig@stig.io>