| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 May 2015 15:47:49 -0700 From: Andy Lutomirski <luto@...capital.net> To: "Luis R. Rodriguez" <mcgrof@...e.com> Cc: David Howells <dhowells@...hat.com>, Andy Lutomirski <luto@...nel.org>, Rusty Russell <rusty@...tcorp.com.au>, Michal Marek <mmarek@...e.cz>, Matthew Garrett <mjg59@...f.ucam.org>, keyrings@...ux-nfs.org, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Seth Forshee <seth.forshee@...onical.com>, LSM List <linux-security-module@...r.kernel.org>, David Woodhouse <dwmw2@...radead.org> Subject: Re: [PATCH 0/8] MODSIGN: Use PKCS#7 for module signatures [ver #4] On Thu, May 21, 2015 at 3:31 PM, Luis R. Rodriguez <mcgrof@...e.com> wrote: > On Thu, May 21, 2015 at 3:24 PM, Andy Lutomirski <luto@...capital.net> wrote: >> On Thu, May 21, 2015 at 3:16 PM, Luis R. Rodriguez <mcgrof@...e.com> wrote: >>> On Thu, May 21, 2015 at 3:06 PM, Andy Lutomirski <luto@...capital.net> wrote: >>>> Given that, I would say that merely shoving firmware files through the >>>> module verifier as-is would not be okay. >>> >>> Replacing one dog and pony show for another is what is going on, what >>> you describe and suggest seems best, and I welcome patches, it seems >>> you know what you are talking about :) >>> >> >> Don't hold your breath. My plate is over-full. I'm probably a decent >> reviewer of crypto, though. > > Well as good as you are in 10 years we'll have better ones. So when > module signature went into the kernel the real expectation should have > been: > > This code looks good now but is going to be complete shit and > breakable a few years from now. > > Hence my first implicit and now explicit claims on dog and pony shows. > Best thing we can do IMHO is to just allow us to replace stupid human > code with better human code later, and eventually hopefully better AI > code, and so on. Since you don't have time for a real replacement > maybe what we can do is at least document / target / agree for what > pipe dream we want and shoot for it with time. Hopefully folks will > find time to implement it. I disagree. I'm a firm believer in security proofs. While I'm not trained in formal crypto proofs, I can sketch out a proof of why a system that properly tags its signatures is secure against a reasonable threat model. I can also show why that proof wouldn't work for a scheme without tags, and I can demonstrate the actual weakness in a scheme without tags. In ten years, the only reason a scheme that I say looks good would be because (a) I screwed up, (b) an underlying assumption is wrong, or (c) the implementation is subtly wrong. In particular, it won't fail because I'm insufficiently clever. A real professional expert would be less likely to screw up. (For reference, I wrote an actual doctoral thesis involving crypto.) > > In the meantime should that block current dog and pony show trading? I > don't think so. Yes, since I can demonstrate the actual weakness without tags, and crypto is notoriously hard to fix once done poorly and there's a great history of obviously-theoretically-weak systems being meaningfully attacked in the real world. See, for example, every single old SSL/TLS cipher. (And yes, the crypto community knew what was wrong in theory and how to fix it when the protocol was designed. People just didn't pay attention.) --Andy -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists