From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail1-relais-roc.national.inria.fr (mail1-relais-roc.national.inria.fr [192.134.164.82]) by walapai.inria.fr (8.13.6/8.13.6) with ESMTP id q01NwBTJ016121 for ; Mon, 2 Jan 2012 00:58:11 +0100 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: AkAQAJ7xAE/U4366k2dsb2JhbABCAYIFgwqXG5AtIgEBAQEJCQsJFAMigXIBAQQBIwRHCwULCxoCCQwCDwICRRIGJQmHXwIGowOQXYEvgk6FCQGBcoEWBI0ajTeMZg X-IronPort-AV: E=Sophos;i="4.71,442,1320620400"; d="scan'208";a="137456104" Received: from moutng.kundenserver.de ([212.227.126.186]) by mail1-smtp-roc.national.inria.fr with ESMTP; 02 Jan 2012 00:58:05 +0100 Received: from office1.lan.sumadev.de (dslb-094-219-218-084.pools.arcor-ip.net [94.219.218.84]) by mrelayeu.kundenserver.de (node=mrbap1) with ESMTP (Nemesis) id 0MdEqR-1Rzr7W01oZ-00Hzh6; Mon, 02 Jan 2012 00:58:05 +0100 Received: from [192.168.178.30] (546BF816.cm-12-4d.dynamic.ziggo.nl [84.107.248.22]) by office1.lan.sumadev.de (Postfix) with ESMTPSA id 753D7C00C7; Mon, 2 Jan 2012 00:58:04 +0100 (CET) From: Gerd Stolpmann To: oliver Cc: Xavier Leroy , caml-list@inria.fr In-Reply-To: <20120101232429.GA3818@siouxsie> References: <1325263446.5036.104.camel@samsung> <4EFDEF92.3010204@inria.fr> <20120101125212.GB12851@annexia.org> <4F0097E6.2090701@inria.fr> <1325451843.5036.165.camel@samsung> <20120101232429.GA3818@siouxsie> Content-Type: text/plain; charset="UTF-8" Date: Mon, 02 Jan 2012 00:58:03 +0100 Message-ID: <1325462283.5036.189.camel@samsung> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 Content-Transfer-Encoding: 7bit X-Provags-ID: V02:K0:7OCri1Vx0+OYPhEctOKBNWU3Wqy7tnZRNASUZB+iJdr LQcYzzebaC/behJ8cap9jyn+s45PV7S/+sSFFiKI04AOZD9W40 AAtVi2j/oSJ3NP4aOyB8SnVg9JoPNyVwLVBARGWeQ1YYAjEv1D oxIoJadSIB/M57mjsjyIh74x6ds6SU69I2239T8Cxcbgs8BT5x XHwHPjttU1H1VJUcfIlMsaByb34bP69VN3/5sRgnjynT6uk7m5 TSbuIMBzZr/LQcItz/tRJvxq9Z466PUYMNXeXV/njTu4+wGpH6 0BOL4gfugxt7I+nI5SyMLj+Ut4hpuq/+pJEkFYU1+qBIrDWYxJ iMUC2iemBN7DVXuRCSDk4HFV7jIMZWWu7v7uhvpjC Subject: Re: [Caml-list] Hashtbl and security Am Montag, den 02.01.2012, 00:24 +0100 schrieb oliver: > > I understand it very well that adding support for cryptographically > > secure random numbers to core Ocaml is a challenge. There is no POSIX > > API, and /dev/random is, although widely available, still non-standard. > [...] > > And also might not be good enough for some certain areas. > > val Hashtbl.HashedType.hash: t -> int > > allows at least providing your own hashing.function, > but that function then must be sophisticated enough > to provide some dynamic re-seeding. It does not allow this. Because of this, the new Hashtbl (only in svn so far) has the additional seed parameter. > > And it is certainly true that there are various levels of security, and > > for some purposes the programmer should be free to install even better > > generators. Nevertheless, Ocaml is now widely used in environments where > > a certain minimum of security is demanded, and I think Ocaml should > > provide this minimum at least, and use it for things like an > > automatically chosen seed for hash tables. > > That's already planned and even implemented, as was mentioned in this thread. > So urging for a new official release would make sense. Not exactly. Xavier mentioned that he withdrew the automatic seeding. If nothing changes, you will have to provide a seed parameter to every Hashtbl.create, coming from a rng of your taste. This is what I don't like - programmers will in most cases simply ignore this possibility, and I predict it will even be ignored when there are strong indications for security threats. Also, there is no good access to rng's. Random is not designed with security in mind. The OS typically provides a generator which is much better (like /dev/random), but there is no uniform interface to it that would make it easy to use it. My concern is that the security options will simply be ignored unless the standard library includes some half-way secure defaults. > > What I could imagine is a module Sys.Security where all security > > features are accessible and configurable, e.g. > > I doubt that this makes sense. > Nearly anything that can be programmed can become a security > issue, if done wrong; especially things done on the > operating system level (like Unix module) could become > a security issue, if things are handled without care. Thanks for your argumentative help - by being ignorant you prove my thesis that typical programmers won't do anything by themselves. The world is so much trouble, better put the head into the sand, and hope the attacker won't pick you. (Well, sorry, maybe a bit too harsh, but I hope you get my point that it is no excuse that also other security issues may exist). The dangerous thing here is that it is not always apparent which hash tables are exposed in areas with security demands. So, it would be good if all hash tables had some basic protection built-in. > A mandatory (not optional) hash-function-parameter > that must be passed (plus some default hash functions > with elaborated documentation on the properties of those) > would make more sense to me. The seed is so far optional. Sure, requiring it mandatorily would ensure it is passed, but I guess programmers would just become used to the idiom "Hashtbl.create ~seed:0 ()". I'd like to rather see that at least a default seed is automatically chosen at program startup (there might even be better schemes like selecting a new default seed after every GC cycle or so). > Putting things that need tp be part of the Hash-module > aside into a Sys.security-module makes these things less > apparent to the programmer who just wants to use hashes, > and don't thinks about using hashes might be a security problem. If done right, this won't be a problem anymore for the typical user (who e.g. programs a web page, and where nobody would spend millions to hack it). Of course, if you want to run a trust center, you'll have higher demands, but I guess you'll check then your code base thoroughly for issues, and won't forget to pass seed parameters wherever needed. Gerd > So, this solution IMHO would be counterproductive > and non-intuitive. > > > Ciao, > Oliver > > -- > Caml-list mailing list. Subscription management and archives: > https://sympa-roc.inria.fr/wws/info/caml-list > Beginner's list: http://groups.yahoo.com/group/ocaml_beginners > Bug reports: http://caml.inria.fr/bin/caml-bugs > >