From owner-freebsd-stable@FreeBSD.ORG Fri Oct 24 19:37:20 2014 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B9A52E5E; Fri, 24 Oct 2014 19:37:20 +0000 (UTC) Received: from m2j4.x.rootbsd.net (pirzyk.org [IPv6:2607:fc50:1:5900:216:3eff:fe10:3498]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 84F99238; Fri, 24 Oct 2014 19:37:20 +0000 (UTC) Received: from [192.168.1.126] (c-50-165-9-144.hsd1.il.comcast.net [50.165.9.144]) (authenticated bits=0) by m2j4.x.rootbsd.net (8.14.7/8.14.7) with ESMTP id s9OJbDG7078385 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 24 Oct 2014 14:37:14 -0500 (CDT) (envelope-from pirzyk@freeBSD.org) Content-Type: multipart/signed; boundary="Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:11.crypt From: Jim Pirzyk In-Reply-To: Date: Fri, 24 Oct 2014 14:37:07 -0500 Message-Id: <2FDC7048-E9A3-443B-BC38-CDE776CA1212@freeBSD.org> References: <201410222107.s9ML7nLC010739@freefall.freebsd.org> <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org> To: Adrian Chadd X-Mailer: Apple Mail (2.1878.6) X-Virus-Scanned: clamav-milter 0.98.4 at pirzyk.org X-Virus-Status: Clean X-Spam-Status: No, score=-0.9 required=8.0 tests=ALL_TRUSTED,TW_SV autolearn=unavailable autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on pirzyk.org Cc: FreeBSD Stable Mailing List , des@freebsd.org, Ronald Klop X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 24 Oct 2014 19:37:20 -0000 --Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=windows-1252 Is he the current security officer? If so it would have been nice to = see these issues addressed in the Errata announcement. I still don=92t understand the reasons for backing out a change after 20 = years. - JimP On Oct 24, 2014, at 12:43 PM, Adrian Chadd wrote: > You mean like des@ ? >=20 >=20 >=20 > -adrian >=20 > On 24 October 2014 09:18, Jim Pirzyk wrote: >> That statement is really irrelevant because this is the submitter, = what was the crypt() behavior back in the 2.0 days? Did anyone in = FreeBSD verify this statement? Why was that behavior not restored, as = opposed to chaining the default encryption algorithm. If login.conf was = lost, mangled, etc in the old days, you would still get md5/sha1/=85/etc = encryption, now you just get DES. >>=20 >> I think the security implications of this change should have required = a bigger review, like at least sign off from = security-officer@freebsd.org >>=20 >> If this was a POSIX compatibility issue, that should have been = evaluated and reviewed properly. It feels there were not enough eyes on = this change and if as you say this is not affected the default passwd = algorithm, that should have also been noted in the Errata note. >>=20 >> - JimP >>=20 >> On Oct 24, 2014, at 8:48 AM, Ronald Klop = wrote: >>=20 >>> Hi, >>>=20 >>> I have nothing to do with the actual coding, but please reread = comment 7 from the bug report: >>> 'This doesn't have anything common with system default password = encryption, this is realized using /etc/login.conf and applications like = passwd, etc.' >>>=20 >>> Regards, >>> Ronald. >>>=20 >>> On Fri, 24 Oct 2014 15:21:48 +0200, Jim Pirzyk = wrote: >>>=20 >>>> I think this should be reopened and reverted. This is the wrong = answer and has not taken into account the history of crypt() on FreeBSD. = I point you to the svn log: >>>>=20 >>>> http://svnweb.freebsd.org/base?view=3Drevision&revision=3D4246 >>>>=20 >>>> and >>>>=20 >>>> http://www.freebsd.org/releases/2.0/notes.html >>>>=20 >>>> If password security for FreeBSD is all you need, and you have no >>>> requirement for copying encrypted passwords from different hosts = (Suns, >>>> DEC machines, etc) into FreeBSD password entries, then FreeBSD's = MD5 >>>> based security may be all you require! We feel that our default = security >>>> model is more than a match for DES, and without any messy export = issues >>>> to deal with. If you're outside (or even inside) the U.S., give it = a try! >>>>=20 >>>> We are reversing 20+ years of FreeBSD progress. >>>>=20 >>>> - JimP >>>>=20 >>>> On Oct 24, 2014, at 8:11 AM, Ronald Klop = wrote: >>>>=20 >>>>> See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D192277 >>>>>=20 >>>>> Regards, >>>>> Ronald. >>>>>=20 >>>>> On Fri, 24 Oct 2014 13:14:20 +0200, Jim Pirzyk = wrote: >>>>>=20 >>>>>> Hi, >>>>>>=20 >>>>>> I was wondering if there is more information about this change? = FreeBSD changed the default away from DES to MD5 back in the 1.1.5 -> = 2.0 transition. It seems to me a downgrade and rewarding bad = programming to be changing back to DES now. Also the proper course of = action is to correct programs that make the wrong assumption about what = crypt() changes. >>>>>>=20 >>>>>> Thanks >>>>>>=20 >>>>>> - JimP >>>>>>=20 >>>>>> On Oct 22, 2014, at 4:07 PM, FreeBSD Errata Notices = wrote: >>>>>>=20 >>>>>>> Signed PGP part >>>>>>> = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D >>>>>>> FreeBSD-EN-14:11.crypt = Errata Notice >>>>>>> The = FreeBSD Project >>>>>>>=20 >>>>>>> Topic: crypt(3) default hashing algorithm >>>>>>>=20 >>>>>>> Category: core >>>>>>> Module: libcrypt >>>>>>> Announced: 2014-10-22 >>>>>>> Affects: FreeBSD 9.3 and FreeBSD 10.0-STABLE after = 2014-05-11 and >>>>>>> before 2014-10-16. >>>>>>> Corrected: 2014-10-13 15:56:47 UTC (stable/10, = 10.1-PRERELEASE) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC3) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC2-p2) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC1-p2) >>>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, = 10.1-BETA3-p2) >>>>>>> 2014-10-21 21:09:54 UTC (stable/9, 9.3-STABLE) >>>>>>> 2014-10-21 23:50:46 UTC (releng/9.3, = 9.3-RELEASE-p4) >>>>>>>=20 >>>>>>> For general information regarding FreeBSD Errata Notices and = Security >>>>>>> Advisories, including descriptions of the fields above, security >>>>>>> branches, and the following sections, please visit >>>>>>> . >>>>>>>=20 >>>>>>> I. Background >>>>>>>=20 >>>>>>> The crypt(3) function performs password hashing. Different = algorithms >>>>>>> of varying strength are available, with older, weaker algorithms = being >>>>>>> retained for compatibility. >>>>>>>=20 >>>>>>> The crypt(3) function was originally based on the DES encryption >>>>>>> algorithm and generated a 13-character hash from an = eight-character >>>>>>> password (longer passwords were truncated) and a two-character = salt. >>>>>>>=20 >>>>>>> II. Problem Description >>>>>>>=20 >>>>>>> In recent FreeBSD releases, the default algorithm for crypt(3) = was >>>>>>> changed to SHA-512, which generates a much longer hash than the >>>>>>> traditional DES-based algorithm. >>>>>>>=20 >>>>>>> III. Impact >>>>>>>=20 >>>>>>> Many applications assume that crypt(3) always returns a = traditional DES >>>>>>> hash, and blindly copy it into a short buffer without bounds = checks. This >>>>>>> may lead to a variety of undesirable results including, at = worst, crashing >>>>>>> the application. >>>>>>>=20 >>>>>>> IV. Workaround >>>>>>>=20 >>>>>>> No workaround is available. >>>>>>>=20 >>>>>>> V. Solution >>>>>>>=20 >>>>>>> Perform one of the following: >>>>>>>=20 >>>>>>> 1) Upgrade your system to a supported FreeBSD stable or release = / security >>>>>>> branch (releng) dated after the correction date. >>>>>>>=20 >>>>>>> 2) To update your present system via a source code patch: >>>>>>>=20 >>>>>>> The following patches have been verified to apply to the = applicable >>>>>>> FreeBSD release branches. >>>>>>>=20 >>>>>>> a) Download the relevant patch from the location below, and = verify the >>>>>>> detached PGP signature using your PGP utility. >>>>>>>=20 >>>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch >>>>>>> # fetch = http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc >>>>>>> # gpg --verify crypt.patch.asc >>>>>>>=20 >>>>>>> b) Apply the patch. Execute the following commands as root: >>>>>>>=20 >>>>>>> # cd /usr/src >>>>>>> # patch < /path/to/patch >>>>>>>=20 >>>>>>> c) Recompile the operating system using buildworld and = installworld as >>>>>>> described in = . >>>>>>>=20 >>>>>>> Restart all deamons using the library, or reboot the system. >>>>>>>=20 >>>>>>> 3) To update your system via a binary patch: >>>>>>>=20 >>>>>>> Systems running a RELEASE version of FreeBSD on the i386 or = amd64 >>>>>>> platforms can be updated via the freebsd-update(8) utility: >>>>>>>=20 >>>>>>> # freebsd-update fetch >>>>>>> # freebsd-update install >>>>>>>=20 >>>>>>> VI. Correction details >>>>>>>=20 >>>>>>> The following list contains the revision numbers of each file = that was >>>>>>> corrected in FreeBSD. >>>>>>>=20 >>>>>>> Branch/path = Revision >>>>>>> = ------------------------------------------------------------------------- >>>>>>> stable/9/ = r273425 >>>>>>> releng/9.3/ = r273438 >>>>>>> stable/10/ = r273043 >>>>>>> releng/10.1/ = r273187 >>>>>>> = ------------------------------------------------------------------------- >>>>>>>=20 >>>>>>> To see which files were modified by a particular revision, run = the >>>>>>> following command, replacing NNNNNN with the revision number, on = a >>>>>>> machine with Subversion installed: >>>>>>>=20 >>>>>>> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >>>>>>>=20 >>>>>>> Or visit the following URL, replacing NNNNNN with the revision = number: >>>>>>>=20 >>>>>>> = >>>>>>>=20 >>>>>>> VII. References >>>>>>>=20 >>>>>>> The latest revision of this Errata Notice is available at >>>>>>> = http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc >>>>>>>=20 >>>>>>> _______________________________________________ >>>>>>> freebsd-announce@freebsd.org mailing list >>>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-announce >>>>>>> To unsubscribe, send any mail to = "freebsd-announce-unsubscribe@freebsd.org" >>>>>>=20 >>>>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp = $ >>>>>> __o jim@pirzyk.org = -------------------------------------------------- >>>>>> _'\<,_ >>>>>> (*)/ (*) I'd rather be out biking. >>>>=20 >>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >>>> __o jim@pirzyk.org = -------------------------------------------------- >>>> _'\<,_ >>>> (*)/ (*) I'd rather be out biking. >>=20 >> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >> __o jim@pirzyk.org = -------------------------------------------------- >> _'\<,_ >> (*)/ (*) I'd rather be out biking. >>=20 --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ __o jim@pirzyk.org = -------------------------------------------------- _'\<,_ (*)/ (*) I'd rather be out biking. --Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iFcDBQFUSqpo+2AFq07nokoRCHJzAP9Fm5WrOvcWHFLsyujigDl6fpprkmMDTZe8 tu+GKvrmIQD8Dsn3aiQZr5b8+CrcIxYWVEnh49ChSfnxjBRexpsPxoo= =Fzvv -----END PGP SIGNATURE----- --Apple-Mail=_6EB7C021-CF36-4694-87F1-9AF483B62067--