r number of rounds (and overwrites the backup)... This
would also make it easier to upgrade KDFs if a newer/better one is
added.
[1] https://crypto.stackexchange.com/questions/26510/why-is-hmac-sha1-still-considered-secure
--
John-Mark Gurney Voice: +1 415 2
https://cgit.freebsd.org/src/commit/?id=64cbf7cebc3b80a971e1d15124831d84604b9370
FreeBSD just merged in OpenSSL 1.1.1q
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
updated to support it, and this method
can be done via an update to the ca_root_nss package which is less
invasive than the above patch.
Dan Lukes wrote this message on Fri, Feb 26, 2021 at 08:41 +0100:
> On 26.2.2021 2:07, John-Mark Gurney wrote:
> >> Third party CA's are an untrusted automagical nightmare of global and
> >> local MITM risk...
> >
> > Do you delete all the CA's from your browsers
sabled /etc/ssl/certs
Last I checked no browser requires users to ack to install those CA's
have you attempted to pressure them to?
I'm personally much happier to have them installed by default than before
where people were using --no-verify-peer to d/l stuff.
Benjamin Kaduk wrote this message on Sat, Dec 12, 2020 at 18:07 -0800:
> On Sat, Dec 12, 2020 at 04:57:08PM -0800, John-Mark Gurney wrote:
> >
> > If FreeBSD is going to continue to use OpenSSL, better testing needs to
> > be done to figure out such breakage earlier, and
John Baldwin wrote this message on Sat, Dec 12, 2020 at 11:40 -0800:
> On 12/10/20 10:46 PM, John-Mark Gurney wrote:
> > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at
> > 23:03 +:
> >> versions included in FreeBSD 12.x. This vulnerability is a
Benjamin Kaduk wrote this message on Fri, Dec 11, 2020 at 12:38 -0800:
> On Thu, Dec 10, 2020 at 10:46:28PM -0800, John-Mark Gurney wrote:
> > FreeBSD Security Advisories wrote this message on Wed, Dec 09, 2020 at
> > 23:03 +:
> > > versions included in FreeBSD 1
Robert Schulze wrote this message on Fri, Dec 11, 2020 at 10:14 +0100:
> Hi,
>
> Am 11.12.20 um 07:46 schrieb John-Mark Gurney:
> >
> > Assuming 13 releases w/ OpenSSL, we'll be even in a worse situation
> > than we are now. OpenSSL 3.0.0 has no support c
for 13 will put us even in a worse
situation than we are today.
What are people's thoughts on how to address the support mismatch between
FreeBSD and OpenSSL? And how to address it?
IMO, FreeBSD does need to do something, and staying w/ OpenSSL does
not look like a viable option.
s in that report as well, so it
isn't like the report found security vulnerability in every TCP/IP
stack they tested.
The best way to have confidence is to pay people to analyze and
verify that the FreeBSD TCP/IP stack is secure, just as it is w/
any critical code th
't have a strong opinion on this...
> I'll be in touch with ip2location as well
>
> --
> J. Hellenthal
>
> The fact that there's a highway to Hell but only a stairway to Heaven says a
> lot about anticipated traffic volume.
>
> > On Nov 14, 2020, at 12:39, John-Mark Gurney
-T add -f [???]
> No ALTQ support in kernel
> ALTQ related functions disabled
> no IP address found for 2001:BB6:6A10:4200:58D7:5934:7
Well, this isn't a valid ipv6 address. There are only 7 segments,
whereas an ipv6 address needs 8. There is not a :: to fill out th
itself does not trust the network or
name servers or anything (but the key); however, if somebody
somehow steals the key, the key permits an intruder to log in
from anywhere in the world. This additional option makes using a
stolen key more difficult (name serve
> objections. It's good to have options.
>
> Yes, pulling in scrypt and/or argon2 is a great idea...
>
, pulling in scrypt and/or argon2 is a great idea...
___
freebsd-security@freebsd.org mailing list
NOT give access
> to kernel memory).
No, Spectre does not allow one userland process to read another userland
process's memory.. It allows an attacker to read any memory within the
same process..
ing that China has redirected large segments of the inet traffic
through them, you can't even trust the inet back bone to be secure. I
know I've never gotten notification from my ISP that my traffic may have
been compromised this way, and w/o notification, I cannot properly assess
what may have been c
Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 19:17 +:
> On 10 December 2017 at 19:02, John-Mark Gurney <j...@funkthat.com> wrote:
>
> > Igor Mozolevsky wrote this message on Sun, Dec 10, 2017 at 17:39 +:
> > > On 10 December 2017 at 17:32, John-Mar
Poul-Henning Kamp wrote this message on Sun, Dec 10, 2017 at 17:36 +:
>
> In message <20171210172127.gd5...@funkthat.com>, John-Mark Gurney writes:
> >Michelle Sullivan wrote this message on Fri, Dec 08, 2017 at 21:29 +1100:
> >> Sorry you want to ensure a
. There is currently
no signatures provided via SVN to validate any source received via http.
__
omcast modifies traffic. So you're now saying that if you use FreeBSD
you can't use Comcast as your ISP?
___
pdates to be done so?
The arguments that it takes up resources is true, but it is NOT
significant... End users are often bandwidth limited, NOT CPU
limited...
[1] https://www.techdirt.com/articles/20161123/10554936126/comcast-takes-heat-injecting-messages-into-internet-traffic.shtml
s. It increases driver complexity to support the
many different ways that encryption and mac algorithms can be ordered...
d-only access to my
> content files.
Best way to assume is that the network is always compromised, and that
it's up to the nodes to protect the data...
this is possible.
[1] https://en.wikipedia.org/wiki/Public_key_infrastructure
Ben Woods wrote this message on Wed, Nov 11, 2015 at 16:27 +0800:
> On Wednesday, 11 November 2015, John-Mark Gurney <j...@funkthat.com> wrote:
>
> > Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800:
> > > I have to agree that there are cases when
long poll when
it comes to encryption w/ AES-NI...
Ben Woods wrote this message on Wed, Nov 11, 2015 at 15:40 +0800:
> On Wednesday, 11 November 2015, Bryan Drewery <bdrew...@freebsd.org> wrote:
>
> > On 11/10/15 9:52 AM, John-Mark Gurney wrote:
> > > My vote is to remove the HPN patches. First, the NONE cipher made mo
difference, I'm willing to work with
them to figure out why my tests didn't work and change my vote. I
also believe that the defaults should be enough, if you have to tune
or enable features, then you can install from ports or compile yourself.
Bryan Drewery wrote this message on Tue, Nov 10, 2015 at 16:32 -0800:
> On 11/10/15 9:52 AM, John-Mark Gurney wrote:
> > My vote is to remove the HPN patches. First, the NONE cipher made more
> > sense back when we didn't have AES-NI widely available, and you were
> > seri
inion.
Then you get projects like certificate pinning and SSL Observatory that
help ensure that the cert that is presented is also presented to others...
John-Mark Gurney wrote this message on Wed, Jul 29, 2015 at 09:11 -0700:
George Neville-Neil wrote this message on Wed, Jul 29, 2015 at 10:35 -0400:
That's fine so long as it's removed in HEAD now, and then the warning can
go into 10 aka 10.3.
As I said, setkey doesn't support it.. and I
Chadd wrote:
I'd put together a deprecation plan, which starts with the kernel
warning that this stuff is being removed, MFC that to stable/10 and
stable/9 so people aren't surprised when they upgrade, and then have
it removed in 11.
/
or the racoon example from:
https://blog.plitc.eu/2014/freebsd-10-ipv4-ipsec-net-to-net-vpn-in-der-jail/
best regards
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 23:18 -0500:
On Jul 27, 2015, at 10:41 PM, John-Mark Gurney j...@funkthat.com wrote:
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500:
On Jul 27, 2015, at 7:57 PM, John-Mark Gurney j...@funkthat.com wrote:
I
this mode, you have to say you are currently
using the mode and include a working sample config.
Thanks.
[1] https://tools.ietf.org/html/draft-ietf-ipsec-skipjack-cbc-00
[2] https://en.wikipedia.org/wiki/Skipjack_(cipher)
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500:
On Jul 27, 2015, at 7:57 PM, John-Mark Gurney j...@funkthat.com wrote:
I would like to remove it from HEAD immediately as I don't see a use
for it. Some time ago I proposed removing Skipjack from the OCF in 12
time_t.
Though from my reading of the code, you need to have TZ files compiled
w/ leap seconds which FreeBSD doesn't do by default...
/crypto instead of the AES-NI instructions.. Just don't load
cryptodev and you'll be fine..
Kevin Day wrote this message on Sun, May 24, 2015 at 23:15 -0500:
On May 24, 2015, at 5:44 PM, John-Mark Gurney j...@funkthat.com wrote:
If you have cryptodev loaded, this is to be expected as OpenSSL will
use /dev/crypto instead of the AES-NI instructions.. Just don't load
cryptodev
to make
it go faster, it's good code.. I don't see any major issues w/ it
besides what is well known w/ using the various modes...
that the salt is not
a secret (it is kept hidden), but it leaks information, and _makesalt
is called so rarely, that saving the time doesn't make sense...
So, I'd prefer to keep the code as is WRT these points..
would be a good place to document all the modular formats in
more detail.. what is in crypt(3) isn't that useful... Also,
crypt(3) should have an xref to crypt_makesalt...
Other than those, unless someone objects, I'll commit it...
.
Thanks, I've taken this offer off list.
On Feb 6, 2015, at 6:35 PM, John-Mark Gurney j...@funkthat.com wrote:
I have some plans to improve the opencrypto framework in FreeBSD later
this year. This will require invasive changes to the various drivers.
So, I'd like to line up hardware
(AMD Geode LX, such as Soekris Net5501, missing man page)
safe (SafeNet)
sec (Freescale, missing man page)
cryptocteon (Cavium Octeon, missing man page)
nlmsec (mips/nlm/dev/sec/nlmsec.c, missing man page)
rmisec (mips/rmi/dev/sec/rmisec.c, missing man page)
..
___
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe
Andrey V. Elsukov wrote this message on Fri, Nov 21, 2014 at 01:20 +0300:
On 21.11.2014 00:35, John-Mark Gurney wrote:
As I'm about to commit my AES-GCM work, I've been trying to do
some testing to make sure I didn't break IPsec.
The first major issue I ran across was transport mode
Andrey V. Elsukov wrote this message on Mon, Nov 17, 2014 at 21:34 +0300:
On 16.11.2014 09:15, John-Mark Gurney wrote:
Ok, I was able to reproduce the bug, and found that my optimization
for single mbuf packets was broken... I've attached a new patch
that has the fix...
This patch
Andrey V. Elsukov wrote this message on Sat, Nov 15, 2014 at 15:19 +0300:
On 15.11.2014 05:42, John-Mark Gurney wrote:
I just verified that this happens on a clean HEAD @ r274534:
FreeBSD 11.0-CURRENT #0 r274534: Fri Nov 14 17:17:10 PST 2014
j...@carbon.funkthat.com:/scratch/jmg/clean
Adrian Chadd wrote this message on Sat, Nov 15, 2014 at 22:18 -0800:
... no attachment?
Thanks, I put it on the website since I realized it was 155k and
a bit large to attach...
it's at:
https://www.funkthat.com/~jmg/patches/aes.ipsec.6.patch
On 15 November 2014 22:15, John-Mark Gurney j
John-Mark Gurney wrote this message on Fri, Nov 14, 2014 at 11:39 -0800:
Well.. It looks like IPSEC is still broken in head... I can get
pings to pass, but now on IPv4 transport mode, I can't get syn's to
be sent out... I see the output packet in the protocol stats, but
no packets go out
Vsevolod Stakhov wrote this message on Sat, Nov 08, 2014 at 21:20 +:
On 08/11/14 20:45, John-Mark Gurney wrote:
Vsevolod Stakhov wrote this message on Sat, Nov 08, 2014 at 18:55 +:
On 08/11/14 04:23, John-Mark Gurney wrote:
Hello,
Over the last few months, I've been working
Vsevolod Stakhov wrote this message on Sat, Nov 08, 2014 at 18:55 +:
On 08/11/14 04:23, John-Mark Gurney wrote:
Hello,
Over the last few months, I've been working on a project to add support
for AES-GCM and AES-CTR modes to our OpenCrypto framework. The work is
sponsored
have to be copied.
I know there are more fixes and future improvements, but can't think of
them now.
Ermal (eri) has patches that enable AES-GCM (and I believe AES-CTR)
support for our IPsec. Once these patches have been committed, I'll
work with him to integrate his patch.
Thanks.
Paul Hoffman wrote this message on Sun, Sep 07, 2014 at 07:00 -0700:
On Sep 5, 2014, at 3:25 PM, John-Mark Gurney j...@funkthat.com wrote:
Skipjack: already removed by OpenBSD and recommend not for use by NIST
after 2010, key size is 80 bits
Yes, nuke.
CAST: key size is 40 to 128
their use w/ IPSec. Most other systems are userland and will
use OpenSSL which is different.
It would be possible for parties that need support to make them a
module, but right now, if you compile in crypto into your kernel, you
get all of these ciphers...
Comments?
Thanks.
complicate this change...
2) Convert arc4random(3) to use the sysctl, and if the sysctl fails,
kill the process.
There are also some other improvements that can be made to the
/dev/random frame work, but those are more code cleanup, not security
related changes...
Konstantin Belousov wrote this message on Sat, Jul 19, 2014 at 22:26 +0300:
On Sat, Jul 19, 2014 at 12:03:48PM -0700, John-Mark Gurney wrote:
So, my suggestions:
1) Convert arc4random(9) in the kernel to use the random pool as
/dev/random uses. I vaguely remember there being an issue w
-peer is specified? That is assuming we don't install one
by default...
I normally use wget which has the same issue, so I usually spell it
--no-check-certificate...
mirror Mozilla's cert repo, then
that's fine, but if we don't have a policy, what will we do when other
CA's contact someone at FreeBSD wanting to get their cert included by
default?
;-)
It's good to know the concerns of our users.. :) Even if we may think
some of them are crazy, though I've been happy to find out that I wasn't
paranoid over the last few years, they really were listening.. :)
if we install a CA bundle, this does mean someone who
uses lynx or other text based browser might now not get warnings
about untrusted banking sites, but again, the CA bundle is primarily
to increase the usability/reliability of fetch, not protecting
banking sites...
John-Mark Gurney wrote this message on Wed, Jun 25, 2014 at 18:22 -0700:
Subj is more limited by your attack profile, than purely fast crypto..
In some cases the crypto can be made reasonably fast while being
secure against side channel analysis, but in other cases (GHASH) it's
pretty much one
() will be initialized to 0x5a.
This is intended for debugging and will impact performance negatively.
This used to be enabled by default on HEAD, but apparently isn't any
more...
are you going to fetch packages to install
if you don't have that?
btw, all found w/ ldd /usr/bin/* /usr/sbin/* 2>/dev/null | less and
searching for libssl...
John-Mark Gurney wrote this message on Tue, Feb 11, 2014 at 10:56 -0800:
I did some performance testing on sha256, and found that the libmd
version is significantly faster, ~20%, than the kernel version. Even
if you enable SHA2_UNROLL_TRANSFORM (which isn't the default), the
version in libmd
(and maybe others).)
Basically we don't drain the entropy pool as quickly, leaving better
entropy in the system, and preventing an attacker from not having to
do as much work controlling external inputs to the system to possibly
attack the pool...
My vote to remove it.
:35 PM, John-Mark Gurney j...@funkthat.com wrote:
Jonathon Wright wrote this message on Wed, Sep 11, 2013 at 14:15 -1000:
I have posted this question (username-scryptkiddy) in the forums:
http://forums.freebsd.org/showthread.php?t=41875
but was suggested to bring it here to the mailing list
stealing punch cards
and
photographing them..
JW
On Sep 11, 2013, at 7:35 PM, John-Mark Gurney j...@funkthat.com
wrote:
Jonathon Wright wrote this message on Wed, Sep 11, 2013 at 14:15 -1000:
I have posted this question (username-scryptkiddy) in the forums:
http
received certification on a newer version,
but I'm not aware of any at this time...
option dependent on defines...
the overflow happens, it could make it even easier
to exploit... If the overflow happens in the header part, then the http
accept filter will make it even easier, and not require the attacker to
do tricks at the TCP layer...
73 matches