Date: Fri, 24 Oct 2014 14:37:07 -0500 From: Jim Pirzyk <pirzyk@freeBSD.org> To: Adrian Chadd <adrian@freebsd.org> Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>, des@freebsd.org, Ronald Klop <ronald-lists@klop.ws> Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:11.crypt Message-ID: <2FDC7048-E9A3-443B-BC38-CDE776CA1212@freeBSD.org> In-Reply-To: <CAJ-VmomUNDHgvmaMZqzgA2tFwnP%2Bs8x8LQCfUtAhTnpC6oYVZg@mail.gmail.com> References: <201410222107.s9ML7nLC010739@freefall.freebsd.org> <F0DAE32B-34CF-4191-9070-A517ACDC6E2A@freeBSD.org> <op.xn8j96kqkndu52@ronaldradial.radialsg.local> <AC160955-2FEC-49FA-9E1F-B4DE948DCF00@freeBSD.org> <op.xn8lzxyvkndu52@ronaldradial.radialsg.local> <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org> <CAJ-VmomUNDHgvmaMZqzgA2tFwnP%2Bs8x8LQCfUtAhTnpC6oYVZg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Is he the current security officer? If so it would have been nice to = see these issues addressed in the Errata announcement. I still don=92t understand the reasons for backing out a change after 20 = years. - JimP On Oct 24, 2014, at 12:43 PM, Adrian Chadd <adrian@freebsd.org> wrote: > You mean like des@ ? >=20 >=20 >=20 > -adrian >=20 > On 24 October 2014 09:18, Jim Pirzyk <pirzyk@freebsd.org> wrote: >> That statement is really irrelevant because this is the submitter, = what was the crypt() behavior back in the 2.0 days? Did anyone in = FreeBSD verify this statement? Why was that behavior not restored, as = opposed to chaining the default encryption algorithm. If login.conf was = lost, mangled, etc in the old days, you would still get md5/sha1/=85/etc = encryption, now you just get DES. >>=20 >> I think the security implications of this change should have required = a bigger review, like at least sign off from = security-officer@freebsd.org >>=20 >> If this was a POSIX compatibility issue, that should have been = evaluated and reviewed properly. It feels there were not enough eyes on = this change and if as you say this is not affected the default passwd = algorithm, that should have also been noted in the Errata note. >>=20 >> - JimP >>=20 >> On Oct 24, 2014, at 8:48 AM, Ronald Klop <ronald-lists@klop.ws> = wrote: >>=20 >>> Hi, >>>=20 >>> I have nothing to do with the actual coding, but please reread = comment 7 from the bug report: >>> 'This doesn't have anything common with system default password = encryption, this is realized using /etc/login.conf and applications like = passwd, etc.' >>>=20 >>> Regards, >>> Ronald. >>>=20 >>> On Fri, 24 Oct 2014 15:21:48 +0200, Jim Pirzyk <pirzyk@freebsd.org> = wrote: >>>=20 >>>> I think this should be reopened and reverted. This is the wrong = answer and has not taken into account the history of crypt() on FreeBSD. = I point you to the svn log: >>>>=20 >>>> http://svnweb.freebsd.org/base?view=3Drevision&revision=3D4246 >>>>=20 >>>> and >>>>=20 >>>> http://www.freebsd.org/releases/2.0/notes.html >>>>=20 >>>> If password security for FreeBSD is all you need, and you have no >>>> requirement for copying encrypted passwords from different hosts = (Suns, >>>> DEC machines, etc) into FreeBSD password entries, then FreeBSD's = MD5 >>>> based security may be all you require! We feel that our default = security >>>> model is more than a match for DES, and without any messy export = issues >>>> to deal with. If you're outside (or even inside) the U.S., give it = a try! >>>>=20 >>>> We are reversing 20+ years of FreeBSD progress. >>>>=20 >>>> - JimP >>>>=20 >>>> On Oct 24, 2014, at 8:11 AM, Ronald Klop <ronald-lists@klop.ws> = wrote: >>>>=20 >>>>> See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D192277 >>>>>=20 >>>>> Regards, >>>>> Ronald. >>>>>=20 >>>>> On Fri, 24 Oct 2014 13:14:20 +0200, Jim Pirzyk = <pirzyk@freebsd.org> wrote: >>>>>=20 >>>>>> Hi, >>>>>>=20 >>>>>> I was wondering if there is more information about this change? = FreeBSD changed the default away from DES to MD5 back in the 1.1.5 -> = 2.0 transition. It seems to me a downgrade and rewarding bad = programming to be changing back to DES now. Also the proper course of = action is to correct programs that make the wrong assumption about what = crypt() changes. >>>>>>=20 >>>>>> Thanks >>>>>>=20 >>>>>> - JimP >>>>>>=20 >>>>>> On Oct 22, 2014, at 4:07 PM, FreeBSD Errata Notices = <errata-notices@freebsd.org> wrote: >>>>>>=20 >>>>>>> Signed PGP part >>>>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D >>>>>>> FreeBSD-EN-14:11.crypt = Errata Notice >>>>>>> The = FreeBSD Project >>>>>>>=20 >>>>>>> Topic: crypt(3) default hashing algorithm >>>>>>>=20 >>>>>>> Category: core >>>>>>> Module: libcrypt >>>>>>> Announced: 2014-10-22 >>>>>>> Affects: FreeBSD 9.3 and FreeBSD 10.0-STABLE after = 2014-05-11 and >>>>>>> before 2014-10-16. >>>>>>> Corrected: 2014-10-13 15:56:47 UTC (stable/10, = 10.1-PRERELEASE) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC3) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC2-p2) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC1-p2) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, = 10.1-BETA3-p2) >>>>>>> 2014-10-21 21:09:54 UTC (stable/9, 9.3-STABLE) >>>>>>> 2014-10-21 23:50:46 UTC (releng/9.3, = 9.3-RELEASE-p4) >>>>>>>=20 >>>>>>> For general information regarding FreeBSD Errata Notices and = Security >>>>>>> Advisories, including descriptions of the fields above, security >>>>>>> branches, and the following sections, please visit >>>>>>> <URL:http://security.freebsd.org/>. >>>>>>>=20 >>>>>>> I. Background >>>>>>>=20 >>>>>>> The crypt(3) function performs password hashing. Different = algorithms >>>>>>> of varying strength are available, with older, weaker algorithms = being >>>>>>> retained for compatibility. >>>>>>>=20 >>>>>>> The crypt(3) function was originally based on the DES encryption >>>>>>> algorithm and generated a 13-character hash from an = eight-character >>>>>>> password (longer passwords were truncated) and a two-character = salt. >>>>>>>=20 >>>>>>> II. Problem Description >>>>>>>=20 >>>>>>> In recent FreeBSD releases, the default algorithm for crypt(3) = was >>>>>>> changed to SHA-512, which generates a much longer hash than the >>>>>>> traditional DES-based algorithm. >>>>>>>=20 >>>>>>> III. Impact >>>>>>>=20 >>>>>>> Many applications assume that crypt(3) always returns a = traditional DES >>>>>>> hash, and blindly copy it into a short buffer without bounds = checks. This >>>>>>> may lead to a variety of undesirable results including, at = worst, crashing >>>>>>> the application. >>>>>>>=20 >>>>>>> IV. Workaround >>>>>>>=20 >>>>>>> No workaround is available. >>>>>>>=20 >>>>>>> V. Solution >>>>>>>=20 >>>>>>> Perform one of the following: >>>>>>>=20 >>>>>>> 1) Upgrade your system to a supported FreeBSD stable or release = / security >>>>>>> branch (releng) dated after the correction date. >>>>>>>=20 >>>>>>> 2) To update your present system via a source code patch: >>>>>>>=20 >>>>>>> The following patches have been verified to apply to the = applicable >>>>>>> FreeBSD release branches. >>>>>>>=20 >>>>>>> a) Download the relevant patch from the location below, and = verify the >>>>>>> detached PGP signature using your PGP utility. >>>>>>>=20 >>>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch >>>>>>> # fetch = http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc >>>>>>> # gpg --verify crypt.patch.asc >>>>>>>=20 >>>>>>> b) Apply the patch. Execute the following commands as root: >>>>>>>=20 >>>>>>> # cd /usr/src >>>>>>> # patch < /path/to/patch >>>>>>>=20 >>>>>>> c) Recompile the operating system using buildworld and = installworld as >>>>>>> described in = <URL:http://www.FreeBSD.org/handbook/makeworld.html>. >>>>>>>=20 >>>>>>> Restart all deamons using the library, or reboot the system. >>>>>>>=20 >>>>>>> 3) To update your system via a binary patch: >>>>>>>=20 >>>>>>> Systems running a RELEASE version of FreeBSD on the i386 or = amd64 >>>>>>> platforms can be updated via the freebsd-update(8) utility: >>>>>>>=20 >>>>>>> # freebsd-update fetch >>>>>>> # freebsd-update install >>>>>>>=20 >>>>>>> VI. Correction details >>>>>>>=20 >>>>>>> The following list contains the revision numbers of each file = that was >>>>>>> corrected in FreeBSD. >>>>>>>=20 >>>>>>> Branch/path = Revision >>>>>>> = ------------------------------------------------------------------------- >>>>>>> stable/9/ = r273425 >>>>>>> releng/9.3/ = r273438 >>>>>>> stable/10/ = r273043 >>>>>>> releng/10.1/ = r273187 >>>>>>> = ------------------------------------------------------------------------- >>>>>>>=20 >>>>>>> To see which files were modified by a particular revision, run = the >>>>>>> following command, replacing NNNNNN with the revision number, on = a >>>>>>> machine with Subversion installed: >>>>>>>=20 >>>>>>> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >>>>>>>=20 >>>>>>> Or visit the following URL, replacing NNNNNN with the revision = number: >>>>>>>=20 >>>>>>> = <URL:http://svnweb.freebsd.org/base?view=3Drevision&revision=3DNNNNNN> >>>>>>>=20 >>>>>>> VII. References >>>>>>>=20 >>>>>>> The latest revision of this Errata Notice is available at >>>>>>> = http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc >>>>>>>=20 >>>>>>> _______________________________________________ >>>>>>> freebsd-announce@freebsd.org mailing list >>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-announce >>>>>>> To unsubscribe, send any mail to = "freebsd-announce-unsubscribe@freebsd.org" >>>>>>=20 >>>>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp = $ >>>>>> __o jim@pirzyk.org = -------------------------------------------------- >>>>>> _'\<,_ >>>>>> (*)/ (*) I'd rather be out biking. >>>>=20 >>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >>>> __o jim@pirzyk.org = -------------------------------------------------- >>>> _'\<,_ >>>> (*)/ (*) I'd rather be out biking. >>=20 >> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >> __o jim@pirzyk.org = -------------------------------------------------- >> _'\<,_ >> (*)/ (*) I'd rather be out biking. >>=20 --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ __o jim@pirzyk.org = -------------------------------------------------- _'\<,_ (*)/ (*) I'd rather be out biking. --Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iFcDBQFUSqpo+2AFq07nokoRCHJzAP9Fm5WrOvcWHFLsyujigDl6fpprkmMDTZe8 tu+GKvrmIQD8Dsn3aiQZr5b8+CrcIxYWVEnh49ChSfnxjBRexpsPxoo= =Fzvv -----END PGP SIGNATURE----- --Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2FDC7048-E9A3-443B-BC38-CDE776CA1212>