Message-ID: <87a7ljyppx.fsf@dell.be.48ers.dk>
Date:   Thu, 06 Dec 2018 10:22:18 +0100
From:   Peter Korsgaard <peter@...sgaard.com>
To:     Jean Delvare <jdelvare@...e.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Revert "firmware: dmi_scan: Use lowercase letters for UUID"

>>>>> "Jean" == Jean Delvare <jdelvare@...e.com> writes:

 > On Wed, 2018-12-05 at 22:13 +0100, Peter Korsgaard wrote:
 >> This reverts commit 712ff25450bd01366301eef81c33e865d901e7b7.
 >> 
 >> The output of dmi_save_uuid() is exposed to user space as
 >> /sys/devices/virtual/dmi/id/*_uuid, so this breaks backwards compatibility,
 >> E.G.  I have systems that include the content of dmi/id/product_uuid as part
 >> of the keyphrase for cryptsetup luksOpen.
 >> 
 >> As the change was purely cosmetical, revert it to fix such breakage.

 > The change is not "cosmetical". The change was done to comply with RFC
 > 4122:

 > https://tools.ietf.org/html/rfc4122

 >   The hexadecimal values "a" through "f" are output as
 >   lower case characters and are case insensitive on input.

I get that - but it changes the content of sysfs entries, breaking real
systems - E.G. a user space ABI regression.

It is a cosmetic code change in the sense that no known software was
broken with the upper case characters.


 > If "cryptsetup luksOpen" does not lowercase digits before computing its
 > key passphrase, then it's not RFC 4122-compliant and should be fixed.

cryptsetup naturally doesn't know anything about RFC 4122. It just reads
a disk encryption keyphrase which happens to include the content of
id/product_uuid because of my scripts.

 > Nak. This is too late. Changing it again would just add confusion.

Please reconsider. 4.17 is from June, and 4.19 has only recently become
LTS.

-- 
Bye, Peter Korsgaard
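
Added example, not part of the original thread and not Peter's scripts: one way an unlock script that mixes `dmi/id/product_uuid` into a `cryptsetup luksOpen` keyphrase can tolerate the case change, by trying the lowercase form first and the legacy uppercase form second. The function names, the prefix-plus-UUID keyphrase layout and the use of `--key-file=-` are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical helpers (not from the thread): case-tolerant keyphrase built
# from a DMI UUID. Assumed keyphrase layout: <secret prefix><uuid>.

uuid_lower() { printf '%s' "$1" | tr 'A-F' 'a-f'; }
uuid_upper() { printf '%s' "$1" | tr 'a-f' 'A-F'; }

# Accept only the 8-4-4-4-12 hex form, in either case.
is_uuid() {
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# $1 = secret prefix, $2 = UUID as read from sysfs.
# Prints one candidate per line: lowercase (RFC 4122 output form) first,
# then uppercase (output before the change) if it differs.
keyphrase_candidates() {
    is_uuid "$2" || return 1
    lo=$(uuid_lower "$2")
    up=$(uuid_upper "$2")
    printf '%s%s\n' "$1" "$lo"
    [ "$lo" = "$up" ] || printf '%s%s\n' "$1" "$up"
}

# $1 = LUKS device, $2 = mapping name, $3 = secret prefix,
# $4 = UUID file, e.g. /sys/devices/virtual/dmi/id/product_uuid
try_unlock() {
    uuid=$(cat "$4") || return 1
    cands=$(keyphrase_candidates "$3" "$uuid") || return 1
    while IFS= read -r kp; do
        # printf '%s' adds no trailing newline; with --key-file=- every byte
        # on stdin is part of the key.
        printf '%s' "$kp" | cryptsetup luksOpen "$1" "$2" --key-file=- &&
            return 0
    done <<EOF
$cands
EOF
    return 1
}
```

Enrolling the lowercase candidate in a second key slot and retiring the uppercase one later removes the dependency on which kernel produced the sysfs value.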
