Re: [9fans] exportfs security question

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: erik quanstrom <quanstro@quanstro.net>
To: 9fans@9fans.net
Subject: Re: [9fans] exportfs security question
Date: Fri, 10 Apr 2009 07:48:54 -0400	[thread overview]
Message-ID: <679b27481fefe8cdfa8b7838625ee32b@quanstro.net> (raw)
In-Reply-To: <20090410084102.GG4823@masters6.cs.jhu.edu>

> We haven't brought up SSL yet, so Eve can read our exchanged random
> numbers... now these values get shoved into SHA-1 (along with the 56 bits of
> entropy from Kn derived from p9any authentication) before being used to make
> the SSL secrets... but... that doesn't seem to matter much.  Eve sees the
> first four, the last four, and knows 1/8th of the middle 8 bytes (p9sk1 gets
> an 8-byte secret by unpacking a 7-byte DES key) of the input to the SHA-1
> function, meaning...  Eve still only needs to do at most 2^56 SHA-1
> operations to search for our SSL secrets [1]...  OK, so Eve can't have
> precomputed tables to help her out, fair enough, but this still seems
> dubious.
>
> Subsequently, having done all of this, the secrets fed into the SSL stream
> contain only 80 bits of entropy, which is itself somewhat small (esp.
> relative to the ability of rc4 to use 128 or even 256 bit keys).

eve has to do zero computation to get at your plan-text stream.
i think they call it transport security for a reason. :-)

if you don't trust eve, then you can't trust /dev/truerand.  in fact,
why would an untrustable eve run the right exportfs?  but eve
doesn't need to work that hard.

it gets worse.  since ssl is part of a kernel device, eve gets to see your
keys anyway.  but eve doesn't need them.  since ssl is in the kernel,
eve sees the plan text side of the communication.

i think the network is more of a practical worry.

- erik

next prev parent reply	other threads:[~2009-04-10 11:48 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-04-10  8:41 Nathaniel W Filardo
2009-04-10 10:25 ` Steve Simon
2009-04-10 15:18   ` Nathaniel W Filardo
2009-04-10 11:48 ` erik quanstrom [this message]
2009-04-10 12:08   ` Mechiel Lukkien
2009-04-10 15:17     ` Nathaniel W Filardo
2009-04-11 23:24 ` Russ Cox
2009-04-13  4:45   ` lucio

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=679b27481fefe8cdfa8b7838625ee32b@quanstro.net \
    --to=quanstro@quanstro.net \
    --cc=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).