lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1078471340.1706.34.camel@limit.tm.in>
From: balwinder at gmx.net (Balwinder Singh)
Subject: EFC Released

> Seems very interesting, but how does it affect performance/stability of the system/kernel?

EFC was quite stable when testing was made on hack us box(around 8
months back). But this is a major rewrite of original code, hence more
testing needs to be done.
As efc is going to add one more layer performance will suffer,
benchmarking will reveal exact performance loss, which is yet to be 
done.

EFC Components
--------------
1. Generate and enforce behavior model of a program.
2. Hook with pam lib to let kernel know when each authentication takes
place. Supposed to be useful for sshd,ftpd like programs.
3. Define some critical calls with which must require authentication
from kernel. eg open(/etc/shadow) request by program other than sshd.
4. Define general rule set which might help performance gain. Also might
help in case where behavior model will miss particular call, such as
exception/error handling which might occur occasionally.


As we are far away from a perfect model (and I don't see it happening
unless govt enforces), there will always be some false positives. You
can edit behavior model by hand and add entries in general rules to keep
false positives at minimum.

regards

bal


Powered by blists - more mailing lists