Date:	Tue, 21 Jul 2009 23:04:41 +1000
From:	tridge@...ba.org
To:	Boaz Harrosh <bharrosh@...asas.com>
Cc:	Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	James Bottomley <James.Bottomley@...senPartnership.com>,
	Martin Steigerwald <Martin@...htvoll.de>,
	Jan Engelhardt <jengelh@...ozas.de>,
	Theodore Tso <tytso@....edu>,
	Rusty Russell <rusty@...tcorp.com.au>,
	Pavel Machek <pavel@....cz>, john.lanza@...ux.com,
	OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>,
	linux-fsdevel@...r.kernel.org,
	Dave Kleikamp <shaggy@...ux.vnet.ibm.com>, corbet@....net,
	jcm@...masters.org, torvalds@...ux-foundation.org
Subject: Re: CONFIG_VFAT_FS_DUALNAMES regressions

Hi Boaz,

 > I guess you tried putting a zero at first char and it breaks everybody?

It works with some devices, but with many it doesn't. A space followed
by a nul works with quite a lot of devices, but not enough (the last
patch used a space followed by a nul).

I went to a large electronics store and told them I wanted to buy
devices that didn't work with my computer. They were very helpful, and
as a result I was able to test a lot of devices. That is what led to
the design of this patch (plus the feedback from people like Jan and
his IOneIt MP3 player).

 > I guess (35^6)*8*7 is not that bad

Yes, but luckily for the WinXP bluescreen the probability of the crash
is actually much lower than that figure would give. With the same
modelling assumptions of WinXP memory slots for 8.3 entries that Paul
used for the last patch, it comes out as less than a 1 in 10k chance
for a full directory (i.e. 32767 long filenames). For 100 files in a
directory it is around 1 chance in 10^11. I'm sure Paul will do the
full expansion and modelling if anyone wants more precise numbers.

For the chkdsk rename, the probability is much easier to calculate as
it is just the usual birthday expansion (see Wikipedia for a simple
formula for that). That is what gives 0.5% for 32767 files in a
directory, and 4.8x10^-8 for 100 files.

Basically it won't happen very often. In each case the probability is
roughly 75x less than it was for the last patch.

 > What if we had a user mode utility that does these short-names
 > renames that a user can optionally run after umount? since it
 > only writes the (random) short-names it's also safe.

While I will defer to John Lanza if you want a more complete legal
view on this, I think it is likely that separating the steps of the
patent between programs within one system is not a safe enough legal
strategy to be used.

Please do keep thinking about it though. There could well be some
simple combination which is legally safe and also technically
completely satisfactory. If you think you have hit on a winner, you
may wish to discuss it with John Lanza in private first though, so it
can be fine tuned before being presented publicly.

Cheers, Tridge
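
The chkdsk-rename figures in the message above can be reproduced with the birthday calculation over the (35^6)*8*7 name space quoted in the thread. This is an added example, not part of the original message or the patch; treating that figure as the number of equally likely short names is an assumption, and the function names are made up for illustration.

```python
import math

# Short-name space taken from the figure quoted in the thread: (35^6)*8*7.
# Assumption: every name in this space is equally likely to be generated.
NAMESPACE = 35**6 * 8 * 7


def collision_probability(files, namespace=NAMESPACE):
    """Exact birthday probability that at least two of `files` uniformly
    random names collide, summed in log space to keep tiny values precise."""
    if files < 2:
        return 0.0
    if files > namespace:
        return 1.0
    log_no_collision = sum(math.log1p(-i / namespace) for i in range(1, files))
    return -math.expm1(log_no_collision)


def approx_collision_probability(files, namespace=NAMESPACE):
    """Usual closed-form approximation: 1 - exp(-n(n-1)/(2N))."""
    return -math.expm1(-files * (files - 1) / (2 * namespace))


def files_for_probability(target, namespace=NAMESPACE):
    """Smallest directory size whose approximate collision probability
    reaches `target`, found by binary search."""
    lo, hi = 1, namespace + 1
    while lo < hi:
        mid = (lo + hi) // 2
        if approx_collision_probability(mid, namespace) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo


if __name__ == "__main__":
    for n in (100, 32767):
        print(n, collision_probability(n), approx_collision_probability(n))
    print("files for a 50% collision chance:", files_for_probability(0.5))
```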