From: <rsbecker@nexbridge.com>
To: "'Jeff King'" <peff@peff.net>, "'Carlo Arenas'" <carenas@gmail.com>
Cc: "'brian m. carlson'" <sandals@crustytoothpaste.net>,
<git@vger.kernel.org>
Subject: RE: [PATCH 1/2] wrapper: add a helper to generate numbers from a CSPRNG
Date: Wed, 17 Nov 2021 15:19:49 -0500 [thread overview]
Message-ID: <01a501d7dbf0$7c538000$74fa8000$@nexbridge.com> (raw)
In-Reply-To: <YZVfrhos+lZas7hk@coredump.intra.peff.net>
On November 17, 2021 3:02 PM, Jeff King wrote:
> On Tue, Nov 16, 2021 at 07:36:51PM -0800, Carlo Arenas wrote:
>
> > > > for the little amount of random data we need, it might be wiser to
> > > > fallback to something POSIX like lrand48 which is most likely to
> > > > be available, but of course your tests that consume lots of random
> > > > data will need to change.
> > >
> > > Unfortunately that won't help. You have to seed lrand48 with
> > > something, which usually means pid and/or timestamp. Which are
> > > predictable to an attacker, which was the start of the whole
> > > conversation. You really need _some_ source of entropy, and only the OS
> can provide that.
> >
> > again, showing my ignorance here; but that "something" doesn't need to
> > be guessable externally; ex: git add could use as seed contents from
> > the file that is adding, or even better mix it up with the other
> > sources as a poor man's /dev/urandom
>
> Those contents are still predictable. So you've made the attacker's job a little
> harder (now they have to block tempfiles for, say, each tag you're going to
> verify), but haven't changed the fundamental problem.
>
> It definitely would help in _some_ threat models, but I think we should strive
> for a solution that can be explained clearly as "nobody can DoS your
> tempfiles" without complicated qualifications.
I missed this one... lrand48 is also not generally available. I don’t think it is even available on Windows.
If we need a generalized solution, it probably needs to be abstracted in git-compat-util.h and compat/rand.[ch], so that the platform maintainers can plug in whatever decent platform randomization happens to be available, if any. We know that rand() is vulnerable, but it might be the only generally available fallback. Perhaps get the compat layer in place with a test suite that exercises the implementation before getting into the general git code base - maybe based on jitterentropy or sslrng. Agree on an interface, decide on a period of time to implement, send the word out that this needs to get done, and hope for the best. I have code that passes FIPS-140 for NonStop ia64 (-ish although not jitterentropy) and x86, and I'm happy to contribute some of this.
Randall
next prev parent reply other threads:[~2021-11-17 20:20 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-16 3:35 [PATCH 0/2] Generate temporary files using a CSPRNG brian m. carlson
2021-11-16 3:35 ` [PATCH 1/2] wrapper: add a helper to generate numbers from " brian m. carlson
2021-11-16 15:31 ` Jeff King
2021-11-16 16:01 ` rsbecker
2021-11-16 18:22 ` Taylor Blau
2021-11-16 19:58 ` rsbecker
2021-11-16 22:41 ` brian m. carlson
2021-11-16 23:20 ` rsbecker
2021-11-17 0:47 ` Carlo Arenas
2021-11-17 3:05 ` rsbecker
2021-11-17 1:03 ` brian m. carlson
2021-11-17 1:50 ` Carlo Arenas
2021-11-17 3:04 ` Jeff King
2021-11-17 3:12 ` rsbecker
2021-11-17 3:36 ` Carlo Arenas
2021-11-17 20:01 ` Jeff King
2021-11-17 20:19 ` rsbecker [this message]
2021-11-17 23:30 ` brian m. carlson
2021-11-17 23:34 ` rsbecker
2021-11-17 3:03 ` rsbecker
2021-11-17 7:39 ` Junio C Hamano
2021-11-17 23:01 ` brian m. carlson
2021-11-18 7:19 ` Junio C Hamano
2021-11-18 22:16 ` brian m. carlson
2021-11-22 9:10 ` Junio C Hamano
2021-11-16 3:35 ` [PATCH 2/2] wrapper: use a CSPRNG to generate random file names brian m. carlson
2021-11-16 15:36 ` Jeff King
2021-11-16 18:28 ` Taylor Blau
2021-11-16 18:57 ` Junio C Hamano
2021-11-16 19:21 ` Jeff King
2021-11-16 19:33 ` Taylor Blau
2021-11-16 15:44 ` [PATCH 0/2] Generate temporary files using a CSPRNG Jeff King
2021-11-16 22:17 ` brian m. carlson
2021-11-16 22:29 ` rsbecker
2021-11-16 20:35 ` Ævar Arnfjörð Bjarmason
2021-11-16 21:06 ` Jeff King
2021-11-17 8:36 ` Ævar Arnfjörð Bjarmason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='01a501d7dbf0$7c538000$74fa8000$@nexbridge.com' \
--to=rsbecker@nexbridge.com \
--cc=carenas@gmail.com \
--cc=git@vger.kernel.org \
--cc=peff@peff.net \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).