Date: Mon, 17 Jul 2000 23:44:37 +0200
From: Joachim Strömbergson <watchman@ludd.luth.se>
To: FreeBSD-SECURITY <freebsd-security@FreeBSD.ORG>
Subject: More about crypto swap, regression and audits.
Message-ID: <39737E45.BBA1BA16@ludd.luth.se>

Aloha!

Thanks all for the many great responses. In this mail I'll try to give some references, some thoughts on a strategy and some other stuff.

Judging by the comments, there actually seem to be a few things I could play with that might turn out to be of some use for FreeBSD. Good. ;-)

(1) The FreeBSD Audit.

> You need the freebsd-audit list :)

Thanks. I'll sign up for it... Done. I'll check it out, both the list and the archives. I look forward to Kris rallying the troops for it.

(2) Regression

I believe that quality assurance is part of verifying that old, hunted bugs aren't reintroduced, new problems have appeared and so on between updates. We use this model at work to verify for example that our tools behave as expected after we have gotten an upgrade/bugfix. Therefore I feel it relates to security stuff (somehow).

Anyway, I will try to talk to the OpenBSD folks to see if I can fathom the regression stuff they have, what they stress, the rationale for it and so on. Then I'll see if I can move parts of it to FreeBSD. Sounds good? Should I report back to this list or some other list about this?

(3) Crypto swap

This seemed to be interesting. Several of you responded about references to articles.

Ok, the author of the crypto swap stuff in FreeBSD is a PhD Student and hacker named Niels Provos. He has written some articles with Theo et al that can be found on the http://www.openbsd.org crypto pages. I searched on Niels and by digging around (this could almost be considered as security by obscurity) I found links to the crypto swap paper at the bottom of his CV page. Check out:

Niels' home page: http://www.citi.umich.edu/u/provos/
His CV page: http://www.citi.umich.edu/u/provos/cv.html
Crypto Swap paper: http://www.citi.umich.edu/techreports/reports/citi-tr-00-3.ps.gz

I found some presentation slides earlier (at work), but can't seem to find them right now. I'll check tomorrow and get back to the list with it.
It might also be interesting to read some of the other articles, like the overview of the OpenBSD crypto stuff.

To answer some of the questions raised about crypto swap: Niels (as reported in the paper) found his own password, an old password, emails, PGP-phrases and other goodies on the swap. In plaintext. The cost of the crypto is amortized and not "that bad" according to the paper. Still, there is a performance hit for running it, and we should probably do what OpenBSD are doing. That is, having crypto swap as a kernel option.

Anyway. My current plans/ideas for investigating crypto swap right now are:

(I) Get in touch with Niels to get the source and talk with him about my thoughts and so on. I don't want to step on any toes in either project here. I want the OpenBSD folks to know that I, as a wild and crazy (FreeBSD) guy, am interested in what they have done. The target here is to understand the way their implementation is built, where entry points, interfaces to the rest of the system are, requirements and so on. Sounds ok?

(II) According to Kris, Poul-Henning Kamp is busy doing magical things that might affect/relate to the crypto swap stuff. Therefore, I'll drop him a mail too and see what he thinks I should look out for. Ok?

That's my general plan right now. Lots of info gathering at the moment. I'll try to do this the next week or so, try to analyze the stuff, and if anybody is interested, try to write up a summary of it.

Warning/disclaimer: I'm (or was) a pretty good programmer - but not in C. (My background is a many-years assembler hacker turned into processor architect and ASIC SoC engineer... With some affection for OO programming thrown in for kicks). Also, I'm not familiar with the FreeBSD-style, the methodology for hacking for FreeBSD or so. Therefore, I'll try to do what I think is correct. I'm probably going to have to ask random questions.
When I have something to show (plans, stubs, code snippets - even an implementation) I will need help to check it out. In other words, I'll try my best, but don't expect magic code, ok?

If anybody thinks I'm out on the loose - please stop me, otherwise I'm off like a... very fast snail?

--
Cheers!
Joachim - Always in harmonic oscillation
--- FairLight ------ FairLight ------ FairLight ------ FairLight ---
Joachim Strömbergson ASIC SoC designer, nice to CUTE animals
Phone: +46(0)31 - 27 98 47 Web: http://www.ludd.luth.se/~watchman
--------------- Spamfodder: regeringen@regeringen.se ---------------