Date: Fri, 24 Oct 2014 10:43:55 -0700 From: Adrian Chadd <adrian@freebsd.org> To: Jim Pirzyk <pirzyk@freebsd.org> Cc: FreeBSD Stable Mailing List <freebsd-stable@freebsd.org>, Ronald Klop <ronald-lists@klop.ws> Subject: Re: [FreeBSD-Announce] FreeBSD Errata Notice FreeBSD-EN-14:11.crypt Message-ID: <CAJ-VmomUNDHgvmaMZqzgA2tFwnP%2Bs8x8LQCfUtAhTnpC6oYVZg@mail.gmail.com> In-Reply-To: <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org> References: <201410222107.s9ML7nLC010739@freefall.freebsd.org> <F0DAE32B-34CF-4191-9070-A517ACDC6E2A@freeBSD.org> <op.xn8j96kqkndu52@ronaldradial.radialsg.local> <AC160955-2FEC-49FA-9E1F-B4DE948DCF00@freeBSD.org> <op.xn8lzxyvkndu52@ronaldradial.radialsg.local> <23061782-21F6-4509-9362-2DAEED692F72@freeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
You mean like des@ ? -adrian On 24 October 2014 09:18, Jim Pirzyk <pirzyk@freebsd.org> wrote: > That statement is really irrelevant because this is the submitter, what w= as the crypt() behavior back in the 2.0 days? Did anyone in FreeBSD verify= this statement? Why was that behavior not restored, as opposed to chainin= g the default encryption algorithm. If login.conf was lost, mangled, etc i= n the old days, you would still get md5/sha1/=E2=80=A6/etc encryption, now = you just get DES. > > I think the security implications of this change should have required a b= igger review, like at least sign off from security-officer@freebsd.org > > If this was a POSIX compatibility issue, that should have been evaluated = and reviewed properly. It feels there were not enough eyes on this change = and if as you say this is not affected the default passwd algorithm, that s= hould have also been noted in the Errata note. > > - JimP > > On Oct 24, 2014, at 8:48 AM, Ronald Klop <ronald-lists@klop.ws> wrote: > >> Hi, >> >> I have nothing to do with the actual coding, but please reread comment 7= from the bug report: >> 'This doesn't have anything common with system default password encrypti= on, this is realized using /etc/login.conf and applications like passwd, et= c.' >> >> Regards, >> Ronald. >> >> On Fri, 24 Oct 2014 15:21:48 +0200, Jim Pirzyk <pirzyk@freebsd.org> wrot= e: >> >>> I think this should be reopened and reverted. This is the wrong answer= and has not taken into account the history of crypt() on FreeBSD. I point= you to the svn log: >>> >>> http://svnweb.freebsd.org/base?view=3Drevision&revision=3D4246 >>> >>> and >>> >>> http://www.freebsd.org/releases/2.0/notes.html >>> >>> If password security for FreeBSD is all you need, and you have no >>> requirement for copying encrypted passwords from different hosts (Suns, >>> DEC machines, etc) into FreeBSD password entries, then FreeBSD's MD5 >>> based security may be all you require! We feel that our default securi= ty >>> model is more than a match for DES, and without any messy export issues >>> to deal with. If you're outside (or even inside) the U.S., give it a t= ry! >>> >>> We are reversing 20+ years of FreeBSD progress. >>> >>> - JimP >>> >>> On Oct 24, 2014, at 8:11 AM, Ronald Klop <ronald-lists@klop.ws> wrote: >>> >>>> See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D192277 >>>> >>>> Regards, >>>> Ronald. >>>> >>>> On Fri, 24 Oct 2014 13:14:20 +0200, Jim Pirzyk <pirzyk@freebsd.org> wr= ote: >>>> >>>>> Hi, >>>>> >>>>> I was wondering if there is more information about this change? Free= BSD changed the default away from DES to MD5 back in the 1.1.5 -> 2.0 trans= ition. It seems to me a downgrade and rewarding bad programming to be chan= ging back to DES now. Also the proper course of action is to correct progr= ams that make the wrong assumption about what crypt() changes. >>>>> >>>>> Thanks >>>>> >>>>> - JimP >>>>> >>>>> On Oct 22, 2014, at 4:07 PM, FreeBSD Errata Notices <errata-notices@f= reebsd.org> wrote: >>>>> >>>>>> Signed PGP part >>>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D >>>>>> FreeBSD-EN-14:11.crypt Erra= ta Notice >>>>>> The FreeBSD = Project >>>>>> >>>>>> Topic: crypt(3) default hashing algorithm >>>>>> >>>>>> Category: core >>>>>> Module: libcrypt >>>>>> Announced: 2014-10-22 >>>>>> Affects: FreeBSD 9.3 and FreeBSD 10.0-STABLE after 2014-05-11= and >>>>>> before 2014-10-16. >>>>>> Corrected: 2014-10-13 15:56:47 UTC (stable/10, 10.1-PRERELEASE) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC3) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC2-p2) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-RC1-p2) >>>>>> 2014-10-16 21:39:04 UTC (releng/10.1, 10.1-BETA3-p2) >>>>>> 2014-10-21 21:09:54 UTC (stable/9, 9.3-STABLE) >>>>>> 2014-10-21 23:50:46 UTC (releng/9.3, 9.3-RELEASE-p4) >>>>>> >>>>>> For general information regarding FreeBSD Errata Notices and Securit= y >>>>>> Advisories, including descriptions of the fields above, security >>>>>> branches, and the following sections, please visit >>>>>> <URL:http://security.freebsd.org/>. >>>>>> >>>>>> I. Background >>>>>> >>>>>> The crypt(3) function performs password hashing. Different algorith= ms >>>>>> of varying strength are available, with older, weaker algorithms bei= ng >>>>>> retained for compatibility. >>>>>> >>>>>> The crypt(3) function was originally based on the DES encryption >>>>>> algorithm and generated a 13-character hash from an eight-character >>>>>> password (longer passwords were truncated) and a two-character salt. >>>>>> >>>>>> II. Problem Description >>>>>> >>>>>> In recent FreeBSD releases, the default algorithm for crypt(3) was >>>>>> changed to SHA-512, which generates a much longer hash than the >>>>>> traditional DES-based algorithm. >>>>>> >>>>>> III. Impact >>>>>> >>>>>> Many applications assume that crypt(3) always returns a traditional = DES >>>>>> hash, and blindly copy it into a short buffer without bounds checks.= This >>>>>> may lead to a variety of undesirable results including, at worst, cr= ashing >>>>>> the application. >>>>>> >>>>>> IV. Workaround >>>>>> >>>>>> No workaround is available. >>>>>> >>>>>> V. Solution >>>>>> >>>>>> Perform one of the following: >>>>>> >>>>>> 1) Upgrade your system to a supported FreeBSD stable or release / se= curity >>>>>> branch (releng) dated after the correction date. >>>>>> >>>>>> 2) To update your present system via a source code patch: >>>>>> >>>>>> The following patches have been verified to apply to the applicable >>>>>> FreeBSD release branches. >>>>>> >>>>>> a) Download the relevant patch from the location below, and verify t= he >>>>>> detached PGP signature using your PGP utility. >>>>>> >>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch >>>>>> # fetch http://security.FreeBSD.org/patches/EN-14:11/crypt.patch.asc >>>>>> # gpg --verify crypt.patch.asc >>>>>> >>>>>> b) Apply the patch. Execute the following commands as root: >>>>>> >>>>>> # cd /usr/src >>>>>> # patch < /path/to/patch >>>>>> >>>>>> c) Recompile the operating system using buildworld and installworld = as >>>>>> described in <URL:http://www.FreeBSD.org/handbook/makeworld.html>. >>>>>> >>>>>> Restart all deamons using the library, or reboot the system. >>>>>> >>>>>> 3) To update your system via a binary patch: >>>>>> >>>>>> Systems running a RELEASE version of FreeBSD on the i386 or amd64 >>>>>> platforms can be updated via the freebsd-update(8) utility: >>>>>> >>>>>> # freebsd-update fetch >>>>>> # freebsd-update install >>>>>> >>>>>> VI. Correction details >>>>>> >>>>>> The following list contains the revision numbers of each file that w= as >>>>>> corrected in FreeBSD. >>>>>> >>>>>> Branch/path Rev= ision >>>>>> --------------------------------------------------------------------= ----- >>>>>> stable/9/ r2= 73425 >>>>>> releng/9.3/ r2= 73438 >>>>>> stable/10/ r2= 73043 >>>>>> releng/10.1/ r2= 73187 >>>>>> --------------------------------------------------------------------= ----- >>>>>> >>>>>> To see which files were modified by a particular revision, run the >>>>>> following command, replacing NNNNNN with the revision number, on a >>>>>> machine with Subversion installed: >>>>>> >>>>>> # svn diff -cNNNNNN --summarize svn://svn.freebsd.org/base >>>>>> >>>>>> Or visit the following URL, replacing NNNNNN with the revision numbe= r: >>>>>> >>>>>> <URL:http://svnweb.freebsd.org/base?view=3Drevision&revision=3DNNNNN= N> >>>>>> >>>>>> VII. References >>>>>> >>>>>> The latest revision of this Errata Notice is available at >>>>>> http://security.FreeBSD.org/advisories/FreeBSD-EN-14:11.crypt.asc >>>>>> >>>>>> _______________________________________________ >>>>>> freebsd-announce@freebsd.org mailing list >>>>>> http://lists.freebsd.org/mailman/listinfo/freebsd-announce >>>>>> To unsubscribe, send any mail to "freebsd-announce-unsubscribe@freeb= sd.org" >>>>> >>>>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >>>>> __o jim@pirzyk.org -----------------------------------------------= --- >>>>> _'\<,_ >>>>> (*)/ (*) I'd rather be out biking. >>> >>> --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ >>> __o jim@pirzyk.org ------------------------------------------------= -- >>> _'\<,_ >>> (*)/ (*) I'd rather be out biking. > > --- @(#) $Id: dot.signature,v 1.15 2007/12/27 15:06:13 pirzyk Exp $ > __o jim@pirzyk.org -------------------------------------------------= - > _'\<,_ > (*)/ (*) I'd rather be out biking. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJ-VmomUNDHgvmaMZqzgA2tFwnP%2Bs8x8LQCfUtAhTnpC6oYVZg>