Step1, pam_unix srandomdev fix for review
Bug: srandomdev() can't be used in libraries because it touch internal RNG state which may be used by user program which not want true randomness but pseudo one. Fix: srandomdev() removed, random() replaced by arc4random() which initialize itself from true randomness automatically. --- pam_unix.c.old Sat Jan 19 21:29:49 2002 +++ pam_unix.c Sun Jan 20 21:42:47 2002 @@ -502,15 +502,14 @@ syslog(LOG_ERR, cannot set password cipher); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(tv, 0); - to64(salt[0], random(), 3); + to64(salt[0], arc4random(), 3); to64(salt[3], tv.tv_usec, 3); to64(salt[6], tv.tv_sec, 2); - to64(salt[8], random(), 5); - to64(salt[13], random(), 5); - to64(salt[17], random(), 5); - to64(salt[22], random(), 5); + to64(salt[8], arc4random(), 5); + to64(salt[13], arc4random(), 5); + to64(salt[17], arc4random(), 5); + to64(salt[22], arc4random(), 5); salt[27] = '\0'; pwd-pw_passwd = crypt(pass, salt); @@ -596,15 +595,14 @@ syslog(LOG_ERR, cannot set password cipher); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(tv, 0); - to64(salt[0], random(), 3); + to64(salt[0], arc4random(), 3); to64(salt[3], tv.tv_usec, 3); to64(salt[6], tv.tv_sec, 2); - to64(salt[8], random(), 5); - to64(salt[13], random(), 5); - to64(salt[17], random(), 5); - to64(salt[22], random(), 5); + to64(salt[8], arc4random(), 5); + to64(salt[13], arc4random(), 5); + to64(salt[17], arc4random(), 5); + to64(salt[22], arc4random(), 5); salt[27] = '\0'; if (suser_override) -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Step1, pam_unix srandomdev fix for review
Bug: srandomdev() can't be used in libraries because it touch internal RNG state which may be used by user program which not want true randomness but pseudo one. Fix: srandomdev() removed, random() replaced by arc4random() which initialize itself from true randomness automatically. This works, but strikes me as overkill. This is salt, not cryptographic randomness, so 'srandom(junk)' is most likely better as a replacement for srandomdev() (where 'junk' can be time(), pid or anything similar). Salt's purpose is to make pre-computing a dictionary infeasable from the pure space perspective. M --- pam_unix.c.oldSat Jan 19 21:29:49 2002 +++ pam_unix.cSun Jan 20 21:42:47 2002 @@ -502,15 +502,14 @@ syslog(LOG_ERR, cannot set password cipher); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(tv, 0); - to64(salt[0], random(), 3); + to64(salt[0], arc4random(), 3); to64(salt[3], tv.tv_usec, 3); to64(salt[6], tv.tv_sec, 2); - to64(salt[8], random(), 5); - to64(salt[13], random(), 5); - to64(salt[17], random(), 5); - to64(salt[22], random(), 5); + to64(salt[8], arc4random(), 5); + to64(salt[13], arc4random(), 5); + to64(salt[17], arc4random(), 5); + to64(salt[22], arc4random(), 5); salt[27] = '\0'; pwd-pw_passwd = crypt(pass, salt); @@ -596,15 +595,14 @@ syslog(LOG_ERR, cannot set password cipher); login_close(lc); /* Salt suitable for anything */ - srandomdev(); gettimeofday(tv, 0); - to64(salt[0], random(), 3); + to64(salt[0], arc4random(), 3); to64(salt[3], tv.tv_usec, 3); to64(salt[6], tv.tv_sec, 2); - to64(salt[8], random(), 5); - to64(salt[13], random(), 5); - to64(salt[17], random(), 5); - to64(salt[22], random(), 5); + to64(salt[8], arc4random(), 5); + to64(salt[13], arc4random(), 5); + to64(salt[17], arc4random(), 5); + to64(salt[22], arc4random(), 5); salt[27] = '\0'; if (suser_override) -- Andrey A. Chernov http://ache.pp.ru/ -- o Mark Murray \_ FreeBSD Services Limited O.\_Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Step1, pam_unix srandomdev fix for review
On Sun, Jan 20, 2002 at 19:55:31 +, Mark Murray wrote: This works, but strikes me as overkill. This is salt, not cryptographic randomness, so 'srandom(junk)' is most likely better as a replacement for srandomdev() (where 'junk' can be time(), pid or anything similar). You can't call srandom() from the libraries for the same purposes as srandomdev(), i.e. it damages user application current RNG state in the same way. I mean this: 1) User call srandom(3) 2) Library calls srandomdev() or srandom(123) Second step is effectively damages srandom(3) RNG state. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Step1, pam_unix srandomdev fix for review
On Sun, Jan 20, 2002 at 19:55:31 +, Mark Murray wrote: This works, but strikes me as overkill. This is salt, not cryptographic randomness, so 'srandom(junk)' is most likely better as a replacement for srandomdev() (where 'junk' can be time(), pid or anything similar). You can't call srandom() from the libraries for the same purposes as srandomdev(), i.e. it damages user application current RNG state in the same way. Hmm. OK. Do you understand, though, why the salt does not need cryptographic randomness? Another patch of yours replaced sprintf with a faster strlcpy, but this uses the _much_ slower arc4random() which is not necessary IMO. How about just using pid's or something? The original crypt(3) salt quantised the time-of-day into 4096 pieces for the salt - how about doing something like that? UUEncode time()|pid()|getuid() might work just fine. I mean this: 1) User call srandom(3) 2) Library calls srandomdev() or srandom(123) Second step is effectively damages srandom(3) RNG state. -- Andrey A. Chernov http://ache.pp.ru/ -- o Mark Murray \_ FreeBSD Services Limited O.\_Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Step1, pam_unix srandomdev fix for review
On Sun, Jan 20, 2002 at 20:34:35 +, Mark Murray wrote: The original crypt(3) salt quantised the time-of-day into 4096 pieces for the salt - how about doing something like that? UUEncode time()|pid()|getuid() might work just fine. I agree. But I don't plan to improve PAM in this my fix, I just want to unbreak application first. Someone else can do what you suggest afterwards. In which case, please don't make your commit. I understand the problem, and disagree with the fix, so I'll fix it in a different way myself. Ok, but please don't forget it. -- Andrey A. Chernov http://ache.pp.ru/ To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Step1, pam_unix srandomdev fix for review
Andrey A. Chernov wrote: On Sun, Jan 20, 2002 at 19:55:31 +, Mark Murray wrote: This works, but strikes me as overkill. This is salt, not cryptographic randomness, so 'srandom(junk)' is most likely better as a replacement for srandomdev() (where 'junk' can be time(), pid or anything similar). You can't call srandom() from the libraries for the same purposes as srandomdev(), i.e. it damages user application current RNG state in the same way. I mean this: 1) User call srandom(3) 2) Library calls srandomdev() or srandom(123) Second step is effectively damages srandom(3) RNG state. Since the library is a totally encapsulated usage, it makes sense for it to save and restore state aroun its use of the functions, which would effectively allow concurrent use of the generator with other code that uses it. Other code that cares about the state should do the same. -- Terry To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message
Re: Step1, pam_unix srandomdev fix for review
Second step is effectively damages srandom(3) RNG state. Since the library is a totally encapsulated usage, it makes sense for it to save and restore state aroun its use of the functions, which would effectively allow concurrent use of the generator with other code that uses it. Other code that cares about the state should do the same. True but not trivial. I'd be happy to commit working patches :-) M -- o Mark Murray \_ FreeBSD Services Limited O.\_Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-current in the body of the message