From: Rich Felker <dalias@libc.org>
To: musl@lists.openwall.com
Subject: Re: list of security features in musl
Date: Tue, 16 Feb 2016 15:39:14 -0500 [thread overview]
Message-ID: <20160216203914.GZ9349@brightrain.aerifal.cx> (raw)
In-Reply-To: <20160216194435.GX9915@port70.net>
On Tue, Feb 16, 2016 at 08:44:35PM +0100, Szabolcs Nagy wrote:
> * Solar Designer <solar@openwall.com> [2016-02-16 20:45:32 +0300]:
> > On Thu, Feb 11, 2016 at 08:11:19PM +0100, Szabolcs Nagy wrote:
> > > - about 'security feature lists':
> > > the fedora project lists 'sha256 based passwd hash' in glibc
> > > as a security feature[0], that implementation is
> > > - a denial of service attack vector (computation depends on
> > > key length more than the admin controlled round count).
> > > - arch dependent(!), one can craft a passwd entry such that
> > > only 32bit machines can log in.
> >
> > What do you mean here? 32-bit overflow/wraparound with very high
> > rounds= specification?
> >
>
> no,
>
> rounds setting is specified in terms of strtoul which has
> saturating semantics so large values are not a problem
> (and out of range values are clamped into [1000,999999999]).
>
> but negative values are accepted by strtoul with different
> meaning on 32 vs 64bit systems (wraparound).
> (e.g. rounds=-4294967295 is clamped to 1000 vs 999999999).
>
> of course arch dependent output is not a useful property
> for a pbkdf so musl rejects negative rounds settings.
> http://git.musl-libc.org/cgit/musl/tree/src/crypt/crypt_sha256.c#n211
>
> Rich,
> it seems musl has the wrong ROUNDS_MAX setting, do you
> mind adding two more 9s there:
> http://git.musl-libc.org/cgit/musl/commit/?id=aeaceb1fa89b865eb0bca739da9c450b5a054866
> to follow the official spec:
> https://www.akkadia.org/drepper/SHA-crypt.txt
> (or reject large rounds so we don't generate non-portable hashes)
The intent was to preclude extreme-DoS-range values of rounds, but
clamping is the wrong behavior to achieve that. Instead we should just
return 0 (fail the operation) if the value is greater than our
ROUNDS_MAX. Does that sound ok?
Rich
next prev parent reply other threads:[~2016-02-16 20:39 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-11 7:56 Natanael Copa
2016-02-11 8:41 ` Rich Felker
2016-02-11 19:11 ` Szabolcs Nagy
2016-02-16 17:45 ` Solar Designer
2016-02-16 19:44 ` Szabolcs Nagy
2016-02-16 20:39 ` Rich Felker [this message]
2016-02-16 20:44 ` Szabolcs Nagy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160216203914.GZ9349@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).