Re: [Haifux] Security issues in Linux
On Wed, May 10, 2006 at 02:14:19AM -0400, Tzafrir Cohen wrote:
> One small point that still bothers me:
>
> On Wed, May 10, 2006 at 01:22:18AM +0300, Michael Vasiliev wrote:
> > For the less security aware, there is the kernel support for hardware
> > generators on the motherboard in the current kernel that is about as hard
> > to get as running make menuconfig and enabling an option. (Well, maybe
> > they miss it because they analyze the kernel source snapshot of December
> > 2004, can anyone confirm?)
>
> Will that work on every motherboard? On every architecture?

No, it depends on the existence of the HW RNG on a given board.

> Anyway, has there been any discussion of their claims after the article
> was published but before it made it to the press? Two months is a long
> time.
>
> I also read somewhere that the authors claimed that they have brought the
> problems to the attention of kernel developers but nothing was done.
> Anybody with more information?

I discussed this paper with Matt Mackall, the Linux /dev/random maintainer, a while ago. As far as I can recall, he thought most of the claims were pretty dated (i.e., known). He also thought there was one interesting bit, but we didn't get a chance to discuss it further.

Cheers,
Muli
-- 
Muli Ben-Yehuda
http://www.mulix.org | http://mulix.livejournal.com/

-- 
Haifa Linux Club Mailing List (http://www.haifux.org)
To unsub send an empty message to [EMAIL PROTECTED]
Re: [Haifux] Security issues in Linux
I love the whole live-to-press nature of it all... you'd think the researchers would have discussed it with Mackall themselves first.

On 5/10/06, Muli Ben-Yehuda [EMAIL PROTECTED] wrote:
> [snip]

-- 
To necessity... and beyond!
Ohad Lutzky
Re: [Haifux] Security issues in Linux
On Wed, May 10, 2006 at 12:17:24PM +0300, Ohad Lutzky wrote:
> I love the whole live-to-press nature of it all... you'd think the
> researchers would have discussed it with Mackall themselves first.

I introduced Zvika and Matt over email after Zvika asked me to. I don't know if they actually corresponded. I too would've much preferred to see a patch rather than a press release, but ... *shrug*.

Cheers,
Muli
-- 
Muli Ben-Yehuda
http://www.mulix.org | http://mulix.livejournal.com/
Re: [Haifux] Security issues in Linux
Nahum shalom, thanks for the information. However, next time, please consider sending us all the link instead of the PDF.

-- 
Orr Dunkelman, [EMAIL PROTECTED]

"If it wasn't for C, we'd be writing programs in BASI, PASAL, and OBOL", anon

Spammers: http://vipe.technion.ac.il/~orrd/spam.html

GPG fingerprint: C2D5 C6D6 9A24 9A95 C5B3 2023 6CAB 4A7C B73F D0AA
(This key will never sign Emails, only other PGP keys.)

On Tue, 9 May 2006, Nahum Cohen wrote:
> Hi,
>
> See the attached file.
>
> Nahum
Re: [Haifux] Security issues in Linux
By the way, why would they have to _reverse engineer_ the kernel's PRNG? Isn't it GPLd like the rest?

On 5/9/06, Tzafrir Cohen [EMAIL PROTECTED] wrote:
> On Tue, May 09, 2006 at 10:44:54AM +0300, Orr Dunkelman wrote:
> > Nahum shalom, thanks for the information. However, next time, please
> > consider sending us all the link instead of the PDF.
>
> Seems to have been published two months ago:
> http://www.gutterman.net/blog/2006/03/new_paper_online_to_appear_in.html
> (link from LinMagazine)
>
> A copy of the paper:
> http://eprint.iacr.org/2006/086.pdf
> http://www.gutterman.net/publications/GuttermanPinkasReinman2006.pdf
>
> A quick search did not provide any discussion of this up until Zvi
> Gutterman's company published a press release on 1-May.
>
> -- 
> Tzafrir

-- 
To necessity... and beyond!
Ohad Lutzky
Re: [Haifux] Security issues in Linux
On Tue, May 09, 2006 at 11:09:34AM +0300, Ohad Lutzky wrote:
> By the way, why would they have to _reverse engineer_ the kernel's PRNG?
> Isn't it GPLd like the rest?

Yeah, but apparently, they had trouble reading the code.

Cheers,
Muli
-- 
Muli Ben-Yehuda
http://www.mulix.org | http://mulix.livejournal.com/
Re: [Haifux] Security issues in Linux
On Tuesday May 9 2006 11:12, Orr Dunkelman wrote:
> According to what they claim, the source code was undocumented, and they
> had to work hard to make it into a readable pseudo-code.
>
> It reminds me of a time I had to reverse engineer a circuit diagram I got.
> Took me hours just to understand what the machine does (and I had the
> circuit diagrams).

Looks like every time my favorite mailing list, or my personal address, is picking up another strain of MyDoom, Beagle, or any other MS pandemic, and I am in my free time and curiosity digging through mail headers, or some poorly-written _undocumented_ code which is always a copy of another months-old once-0day IE exploit, excluding the comments, with the payload slapped in, I am actually reverse-engineering... Who would have thought.

Clearly and objectively, I am an uneducated newb when it comes to kernel and security. I may miss some points here and there. I didn't read all the sources the authors refer to. However, I've read the paper and didn't get my revelation. The "Why reverse-engineering the LRNG is not easy" part left me thinking about the decisions that were made by the authors. I cannot confirm the "hours of rebuild and installation on every small kernel change" claim, neither the claim about undocumented, unreadable code.

The short excursion into RNG internals was highly educational; however, almost all practical attacks on the algorithm revolve around the security classic - running out of entropy eventually.

I agree completely with the claim that feeding the entropy pool off the system state itself is foolish, at least theoretically, but the authors completely ignore the fact that anyone serious enough will feed the pool off hardware generator(s) anyway, and the existence of the projects that provide this easy-to-set-up feature, just for example: http://www.av8n.com/turbid/

For the less security aware, there is the kernel support for hardware generators on the motherboard in the current kernel that is about as hard to get as running make menuconfig and enabling an option. (Well, maybe they miss it because they analyze the kernel source snapshot of December 2004, can anyone confirm?)

Apparently, the whole issue is not "Linux PRNG is faulty" but "OSS is not so secure!". Isn't that the old "OSS is less secure because everyone can see the security hole" FUD, raising its head every once and so often? A bleak eleventh pirate copy of a copy of "Linux ate my data/hard drive/neighbor" on fresh steroids, only able to cause a stir among the ignorant? Is it because "A hole discovered in MS Doors" has about the same chance of making a newspaper hard-sell headline as "Rain expected in Haifa this Wednesday", but finding a dirty spot on some fresh player's clothes is such an exciting little game? Even if it's the same spot, over and over and over again?

What I can't figure out is this: just about any teenager is able to spot the security hole in your closed-source program, provided that our average Joe managed it through two months of reading software cracking tutorials and another month of "exploiting for dummies". How that fact can provide a false sense of security to anyone is beyond my understanding.

-- 
Aggravated,
Michael Vasiliev

"We must not put mistakes into programs because of sloppiness, we have to do it systematically and with care." -- Attributed to Edsger Wybe Dijkstra
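The two practical points raised in the thread, whether the kernel actually has a hardware RNG driver bound (the `make menuconfig` option Michael mentions) and whether the input pool is close to running dry (the "running out of entropy" attack class he calls the security classic), can both be checked from userland. The script below is an added example written for this page; it is not code from any poster, from the paper's authors, or from the turbid project. It assumes the `/proc/sys/kernel/random/{entropy_avail,poolsize}` files and the `/sys/class/misc/hw_random/{rng_current,rng_available}` sysfs files of the `hw_random` driver; the 25% threshold and the constructed directory tree used for testing are choices of this example, not anything the thread states.

```shell
#!/bin/sh
# Added example, not code from the thread or from the paper's authors.
# Reports whether the running kernel has a hardware RNG driver bound and
# how full the input pool is, the two things the "feed the pool off a
# hardware generator" argument rests on.
#
# Assumed interfaces (check them on your own kernel version):
#   /proc/sys/kernel/random/entropy_avail   - entropy estimate of the input pool
#   /proc/sys/kernel/random/poolsize        - pool size in the same units
#   /sys/class/misc/hw_random/rng_current   - hwrng driver in use, or "none"
#   /sys/class/misc/hw_random/rng_available - drivers the kernel could bind
# The ROOT argument is prepended to every path so the same function can be
# run against a constructed directory tree instead of the live system.

read_or_default() {
    # $1 = file to read, $2 = value to use when the file is missing
    if [ -r "$1" ]; then
        cat "$1"
    else
        printf '%s\n' "$2"
    fi
}

rng_status() {
    # Usage: rng_status ROOT [MIN_PERCENT]
    # Prints one summary line and returns 0 only when a hardware RNG driver
    # is bound AND the pool holds at least MIN_PERCENT (default 25) of its size.
    root="$1"
    minpct="${2:-25}"
    avail=$(read_or_default "$root/proc/sys/kernel/random/entropy_avail" 0)
    size=$(read_or_default "$root/proc/sys/kernel/random/poolsize" 4096)
    current=$(read_or_default "$root/sys/class/misc/hw_random/rng_current" none)
    available=$(read_or_default "$root/sys/class/misc/hw_random/rng_available" "")

    # A missing sysfs directory (hw_random not built) reads as "none" too.
    if [ -z "$current" ] || [ "$current" = none ]; then
        hw=no-hwrng
    else
        hw=hwrng-ok
    fi

    # Integer arithmetic only: compare avail/size against minpct/100.
    if [ "$((avail * 100))" -lt "$((size * minpct))" ]; then
        pool=low-entropy
    else
        pool=pool-ok
    fi

    printf '%s %s entropy=%s/%s rng_current=%s rng_available=%s\n' \
        "$hw" "$pool" "$avail" "$size" "$current" "${available:-none}"
    [ "$hw" = hwrng-ok ] && [ "$pool" = pool-ok ]
}

# Stand-alone use: `sh rng_status.sh --check` inspects the live system and
# exits non-zero if either condition fails (usable in a boot-time health check).
if [ "${1:-}" = "--check" ]; then
    rng_status "" "${2:-25}"
    exit $?
fi
```

A bound driver only means the kernel can read the device; it says nothing about whether a daemon such as `rngd` (or turbid, for a sound-card source) is actually mixing that output into `/dev/random`, so pair this with a check that the daemon is running. The meaning of the `entropy_avail`/`poolsize` numbers has changed across kernel versions, so calibrate the threshold against the kernel you run rather than treating 25% as universal.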