From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] exportfs security question
Date: Fri, 10 Apr 2009 07:48:54 -0400 [thread overview]
Message-ID: <679b27481fefe8cdfa8b7838625ee32b@quanstro.net> (raw)
In-Reply-To: <20090410084102.GG4823@masters6.cs.jhu.edu>
> We haven't brought up SSL yet, so Eve can read our exchanged random
> numbers... now these values get shoved into SHA-1 (along with the 56 bits of
> entropy from Kn derived from p9any authentication) before being used to make
> the SSL secrets... but... that doesn't seem to matter much. Eve sees the
> first four, the last four, and knows 1/8th of the middle 8 bytes (p9sk1 gets
> an 8-byte secret by unpacking a 7-byte DES key) of the input to the SHA-1
> function, meaning... Eve still only needs to do at most 2^56 SHA-1
> operations to search for our SSL secrets [1]... OK, so Eve can't have
> precomputed tables to help her out, fair enough, but this still seems
> dubious.
>
> Subsequently, having done all of this, the secrets fed into the SSL stream
> contain only 80 bits of entropy, which is itself somewhat small (esp.
> relative to the ability of rc4 to use 128 or even 256 bit keys).
eve has to do zero computation to get at your plan-text stream.
i think they call it transport security for a reason. :-)
if you don't trust eve, then you can't trust /dev/truerand. in fact,
why would an untrustable eve run the right exportfs? but eve
doesn't need to work that hard.
it gets worse. since ssl is part of a kernel device, eve gets to see your
keys anyway. but eve doesn't need them. since ssl is in the kernel,
eve sees the plan text side of the communication.
i think the network is more of a practical worry.
- erik
next prev parent reply other threads:[~2009-04-10 11:48 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-04-10 8:41 Nathaniel W Filardo
2009-04-10 10:25 ` Steve Simon
2009-04-10 15:18 ` Nathaniel W Filardo
2009-04-10 11:48 ` erik quanstrom [this message]
2009-04-10 12:08 ` Mechiel Lukkien
2009-04-10 15:17 ` Nathaniel W Filardo
2009-04-11 23:24 ` Russ Cox
2009-04-13 4:45 ` lucio
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=679b27481fefe8cdfa8b7838625ee32b@quanstro.net \
--to=quanstro@quanstro.net \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).