From: Szabolcs Nagy <nsz@port70.net>
To: musl@lists.openwall.com
Subject: Re: list of security features in musl
Date: Tue, 16 Feb 2016 21:44:17 +0100 [thread overview]
Message-ID: <20160216204415.GZ9915@port70.net> (raw)
In-Reply-To: <20160216203914.GZ9349@brightrain.aerifal.cx>
* Rich Felker <dalias@libc.org> [2016-02-16 15:39:14 -0500]:
> On Tue, Feb 16, 2016 at 08:44:35PM +0100, Szabolcs Nagy wrote:
> > * Solar Designer <solar@openwall.com> [2016-02-16 20:45:32 +0300]:
> > > On Thu, Feb 11, 2016 at 08:11:19PM +0100, Szabolcs Nagy wrote:
> > > > - about 'security feature lists':
> > > > the fedora project lists 'sha256 based passwd hash' in glibc
> > > > as a security feature[0], that implementation is
> > > > - a denial of service attack vector (computation depends on
> > > > key length more than the admin controlled round count).
> > > > - arch dependent(!), one can craft a passwd entry such that
> > > > only 32bit machines can log in.
> > >
> > > What do you mean here? 32-bit overflow/wraparound with very high
> > > rounds= specification?
> > >
> >
> > no,
> >
> > rounds setting is specified in terms of strtoul which has
> > saturating semantics so large values are not a problem
> > (and out of range values are clamped into [1000,999999999]).
> >
> > but negative values are accepted by strtoul with different
> > meaning on 32 vs 64bit systems (wraparound).
> > (e.g. rounds=-4294967295 is clamped to 1000 vs 999999999).
> >
> > of course arch dependent output is not a useful property
> > for a pbkdf so musl rejects negative rounds settings.
> > http://git.musl-libc.org/cgit/musl/tree/src/crypt/crypt_sha256.c#n211
> >
> > Rich,
> > it seems musl has the wrong ROUNDS_MAX setting, do you
> > mind adding two more 9s there:
> > http://git.musl-libc.org/cgit/musl/commit/?id=aeaceb1fa89b865eb0bca739da9c450b5a054866
> > to follow the official spec:
> > https://www.akkadia.org/drepper/SHA-crypt.txt
> > (or reject large rounds so we don't generate non-portable hashes)
>
> The intent was to preclude extreme-DoS-range values of rounds, but
> clamping is the wrong behavior to achieve that. Instead we should just
> return 0 (fail the operation) if the value is greater than our
> ROUNDS_MAX. Does that sound ok?
>
ok
> Rich
prev parent reply other threads:[~2016-02-16 20:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-11 7:56 Natanael Copa
2016-02-11 8:41 ` Rich Felker
2016-02-11 19:11 ` Szabolcs Nagy
2016-02-16 17:45 ` Solar Designer
2016-02-16 19:44 ` Szabolcs Nagy
2016-02-16 20:39 ` Rich Felker
2016-02-16 20:44 ` Szabolcs Nagy [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160216204415.GZ9915@port70.net \
--to=nsz@port70.net \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).