From owner-freebsd-stable@FreeBSD.ORG Fri Oct 24 17:43:58 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5896ECDE; Fri, 24 Oct 2014 17:43:58 +0000 (UTC) Received: from mail-wi0-x236.google.com (mail-wi0-x236.google.com [IPv6:2a00:1450:400c:c05::236]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B67625EF; Fri, 24 Oct 2014 17:43:57 +0000 (UTC) Received: by mail-wi0-f182.google.com with SMTP id bs8so1884410wib.9 for ; Fri, 24 Oct 2014 10:43:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type:content-transfer-encoding; bh=hEiAQWPeoQWOlNXEq+r0Rxu6zACXtGR09ScDYrc+bP4=; b=l5/+v7gbeHvomlPBEKFyitW8dF5xWYXIXfXH0fi0Khbxvu8MEkuUuBdb6vRrd3Wocr lzL+QijNPcjLvTgu5Z2ReB8r3tFDBNE8PxdgVP7fipYkBIZ7qEl2jlLkjCOI22AgleNx v7FwWbCh/I24Rlz3ODmhg99EtFq+kJm3lZzsQEYXlYmBdzK8g0U58gHDq/lB4ltviX/A G7HcpjhNSDjbDrqapCFRNYtEvsKurQIQzJWriEq8tufABPtqZJ8hUQMAiHK/cn8mmLhc wXyC0rbOJ3PYxaz6ykO7Sj9T/6ErrD73yqAoPNtGUkH0J8eyDUNhMsprX6/pVp/iCRJs UrjA== MIME-Version: 1.0 X-Received: by 10.180.79.228 with SMTP id m4mr5603473wix.26.1414172635931; Fri, 24 Oct 2014 10:43:55 -0700 (PDT) Sender: adrian.chadd@gmail.com Received: by 10.216.106.136 with HTTP; Fri, 24 Oct 2014 10:43:55 -0700 (PDT) In-Reply-To: <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org> References: <201410222107.s9ML7nLC010739@freefall.freebsd.org> <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org> Date: Fri, 24 Oct 2014 10:43:55 -0700 X-Google-Sender-Auth: 1IclwLKP1rlNiJh8jhqg3CP7xnY Message-ID: Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:11.crypt From: Adrian Chadd To: Jim Pirzyk Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Cc: FreeBSD Stable Mailing List , Ronald Klop X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Oct 2014 17:43:58 -0000 You mean like des@ ? -adrian On 24 October 2014 09:18, Jim Pirzyk wrote: > That statement is really irrelevant because this is the submitter, what w= as the crypt() behavior back in the 2.0 days? Did anyone in FreeBSD verify= this statement? Why was that behavior not restored, as opposed to chainin= g the default encryption algorithm. If login.conf was lost, mangled, etc i= n the old days, you would still get md5/sha1/=E2=80=A6/etc encryption, now = you just get DES. > > I think the security implications of this change should have required a b= igger review, like at least sign off from security-officer@freebsd.org > > If this was a POSIX compatibility issue, that should have been evaluated = and reviewed properly. It feels there were not enough eyes on this change = and if as you say this is not affected the default passwd algorithm, that s= hould have also been noted in the Errata note. > > - JimP > > On Oct 24, 2014, at 8:48 AM, Ronald Klop wrote: > >> Hi, >> >> I have nothing to do with the actual coding, but please reread comment 7= from the bug report: >> 'This doesn't have anything common with system default password encrypti= on, this is realized using /etc/login.conf and applications like passwd, et= c.' >> >> Regards, >> Ronald. >> >> On Fri, 24 Oct 2014 15:21:48 +0200, Jim Pirzyk wrot= e: >> >>> I think this should be reopened and reverted. This is the wrong answer= and has not taken into account the history of crypt() on FreeBSD. I point= you to the svn log: >>> >>> http://svnweb.freebsd.org/base?view=3Drevision&revision=3D4246 >>> >>> and >>> >>> http://www.freebsd.org/releases/2.0/notes.html >>> >>> If password security for FreeBSD is all you need, and you have no >>> requirement for copying encrypted passwords from different hosts (Suns, >>> DEC machines, etc) into FreeBSD password entries, then FreeBSD's MD5 >>> based security may be all you require! We feel that our default securi= ty >>> model is more than a match for DES, and without any messy export issues >>> to deal with. If you're outside (or even inside) the U.S., give it a t= ry! >>> >>> We are reversing 20+ years of FreeBSD progress. >>> >>> - JimP >>> >>> On Oct 24, 2014, at 8:11 AM, Ronald Klop wrote: >>> >>>> See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D192277 >>>> >>>> Regards, >>>> Ronald. >>>> >>>> On Fri, 24 Oct 2014 13:14:20 +0200, Jim Pirzyk wr= ote: >>>> >>>>> Hi, >>>>> >>>>> I was wondering if there is more information about this change? Free= BSD changed the default away from DES to MD5 back in the 1.1.5 -> 2.0 trans= ition. It seems to me a downgrade and rewarding bad programming to be chan= ging back to DES now. Also the proper course of action is to correct progr= ams that make the wrong assumption about what crypt() changes. >>>>> >>>>> Thanks >>>>> >>>>> - JimP >>>>> >>>>> On Oct 22, 2014, at 4:07 PM, FreeBSD Errata Notices wrote: >>>>> >>>>>> Signed PGP part >>>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>>>>> FreeBSD-EN-14:11.crypt Erra= ta Notice >>>>>> The FreeBSD = Project >>>>>> >>>>>> Topic: crypt(3) default hashing algorithm >>>>>> >>>>>> Category: core >>>>>> Module: libcrypt >>>>>> Announced: 2014-10-22 >>>>>> Affects: FreeBSD 9.3 and FreeBSD 10.0-STABLE after 2014-05-11= and >>>>>> before 2014-10-16. >>>>>> Corrected: 2014-10-13 15:56:47 UTC (stable/10, 10.1-PRERELEASE) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC3) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC2-p2) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC1-p2) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-BETA3-p2) >>>>>> 2014-10-21 21:09:54 UTC (stable/9, 9.3-STABLE) >>>>>> 2014-10-21 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4) >>>>>> >>>>>> For general information regarding FreeBSD Errata Notices and Securit= y >>>>>> Advisories, including descriptions of the fields above, security >>>>>> branches, and the following sections, please visit >>>>>> . >>>>>> >>>>>> I. Background >>>>>> >>>>>> The crypt(3) function performs password hashing. Different algorith= ms >>>>>> of varying strength are available, with older, weaker algorithms bei= ng >>>>>> retained for compatibility. >>>>>> >>>>>> The crypt(3) function was originally based on the DES encryption >>>>>> algorithm and generated a 13-character hash from an eight-character >>>>>> password (longer passwords were truncated) and a two-character salt. >>>>>> >>>>>> II. Problem Description >>>>>> >>>>>> In recent FreeBSD releases, the default algorithm for crypt(3) was >>>>>> changed to SHA-512, which generates a much longer hash than the >>>>>> traditional DES-based algorithm. >>>>>> >>>>>> III. Impact >>>>>> >>>>>> Many applications assume that crypt(3) always returns a traditional = DES >>>>>> hash, and blindly copy it into a short buffer without bounds checks.= This >>>>>> may lead to a variety of undesirable results including, at worst, cr= ashing >>>>>> the application. >>>>>> >>>>>> IV. Workaround >>>>>> >>>>>> No workaround is available. >>>>>> >>>>>> V. Solution >>>>>> >>>>>> Perform one of the following: >>>>>> >>>>>> 1) Upgrade your system to a supported FreeBSD stable or release / se= curity >>>>>> branch (releng) dated after the correction date. >>>>>> >>>>>> 2) To update your present system via a source code patch: >>>>>> >>>>>> The following patches have been verified to apply to the applicable >>>>>> FreeBSD release branches. >>>>>> >>>>>> a) Download the relevant patch from the location below, and verify t= he >>>>>> detached PGP signature using your PGP utility. >>>>>> >>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch >>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc >>>>>> # gpg --verify crypt.patch.asc >>>>>> >>>>>> b) Apply the patch. Execute the following commands as root: >>>>>> >>>>>> # cd /usr/src >>>>>> # patch < /path/to/patch >>>>>> >>>>>> c) Recompile the operating system using buildworld and installworld = as >>>>>> described in . >>>>>> >>>>>> Restart all deamons using the library, or reboot the system. >>>>>> >>>>>> 3) To update your system via a binary patch: >>>>>> >>>>>> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >>>>>> platforms can be updated via the freebsd-update(8) utility: >>>>>> >>>>>> # freebsd-update fetch >>>>>> # freebsd-update install >>>>>> >>>>>> VI. Correction details >>>>>> >>>>>> The following list contains the revision numbers of each file that w= as >>>>>> corrected in FreeBSD. >>>>>> >>>>>> Branch/path Rev= ision >>>>>> --------------------------------------------------------------------= ----- >>>>>> stable/9/ r2= 73425 >>>>>> releng/9.3/ r2= 73438 >>>>>> stable/10/ r2= 73043 >>>>>> releng/10.1/ r2= 73187 >>>>>> --------------------------------------------------------------------= ----- >>>>>> >>>>>> To see which files were modified by a particular revision, run the >>>>>> following command, replacing NNNNNN with the revision number, on a >>>>>> machine with Subversion installed: >>>>>> >>>>>> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >>>>>> >>>>>> Or visit the following URL, replacing NNNNNN with the revision numbe= r: >>>>>> >>>>>> >>>>>> >>>>>> VII. References >>>>>> >>>>>> The latest revision of this Errata Notice is available at >>>>>> http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc >>>>>> >>>>>> _______________________________________________ >>>>>> freebsd-announce@freebsd.org mailing list >>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-announce >>>>>> To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freeb= sd.org" >>>>> >>>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >>>>> __o jim@pirzyk.org -----------------------------------------------= --- >>>>> _'\<,_ >>>>> (*)/ (*) I'd rather be out biking. >>> >>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >>> __o jim@pirzyk.org ------------------------------------------------= -- >>> _'\<,_ >>> (*)/ (*) I'd rather be out biking. > > --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ > __o jim@pirzyk.org -------------------------------------------------= - > _'\<,_ > (*)/ (*) I'd rather be out biking. >