[124222] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: The perils of security tools

daemon@ATHENA.MIT.EDU (Ben Laurie)
Thu May 22 12:33:56 2008

Date: Thu, 15 May 2008 10:25:11 +0100
From: Ben Laurie <ben@links.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
CC: Cryptography <cryptography@metzdowd.com>
In-Reply-To: <p0624080cc44f5f4ea470@[165.227.249.200]>

Paul Hoffman wrote:
> I'm confused about two statements here:
> 
> At 2:10 PM +0100 5/13/08, Ben Laurie wrote:
>> The result of this is that for the last two years (from Debian's 
>> "Edgy" release until now), anyone doing pretty much any crypto on 
>> Debian (and hence Ubuntu) has been using easily guessable keys. This 
>> includes SSH keys, SSL keys and OpenVPN keys.
> 
> . . .
> 
>> [2] Valgrind tracks the use of uninitialised memory. Usually it is bad 
>> to have any kind of dependency on uninitialised memory, but OpenSSL 
>> happens to include a rare case when its OK, or even a good idea: its 
>> randomness pool. Adding uninitialised memory to it can do no harm and 
>> might do some good, which is why we do it. It does cause irritating 
>> errors from some kinds of debugging tools, though, including valgrind 
>> and Purify. For that reason, we do have a flag (PURIFY) that removes 
>> the offending code. However, the Debian maintainers, instead of 
>> tracking down the source of the uninitialised memory instead chose to 
>> remove any possibility of adding memory to the pool at all. Clearly 
>> they had not understood the bug before fixing it.
> 
> The second bit makes it sound like the stuff that the Debian folks 
> blindly removed was one, possibly-useful addition to the entropy pool. 
> The first bit makes it sound like the stuff was absolutely critical to 
> the entropy of produced keys. Which one is correct?

They removed _all_ entropy addition to the pool, with the exception of 
the PID, which is mixed in at a lower level.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post