OpenBSD Will Not Fix PRNG Weakness

kdawson posted more than 6 years ago | from the random-acts-of-kndness dept.

Security 196

snake-oil-security writes "Last fall Amit Klein found a serious weakness in the OpenBSD PRNG (pseudo-random number generator), which allows an attacker to predict the next DNS transaction ID. The same flavor of this PRNG is used in other places like the OpenBSD kernel network stack. Several other BSD operating systems copied the OpenBSD code for their own PRNG, so they're vulnerable too; Apple's Darwin-based Mac OS X and Mac OS X Server, and also NetBSD, FreeBSD, and DragonFlyBSD. All the above-mentioned vendors were contacted in November 2007. FreeBSD, NetBSD, and DragonFlyBSD committed a fix to their respective source code trees, Apple refused to provide any schedule for a fix, but OpenBSD decided not to fix it. OpenBSD's coordinator stated, in an email, that OpenBSD is completely uninterested in the problem and that the problem is completely irrelevant in the real world. This was highlighted recently when Amit Klein posted to the BugTraq list."

196 comments

then exploit it (if you can) (5, Insightful)

Anonymous Coward | more than 6 years ago | (#22368958)

if you think it's a problem, exploit it
nothing says "fix it" faster than a few thousand compromised hosts
release a PoC that gets r00t, inform the security lists and stand back
that's what full disclosure is for.

if it isn't exploitable then BSD can fix it at leisure
or if that's not quick enough and as it's Open Source, YOU fix it if you are that concerned

now somebody call the whhaaambulance

Re:then exploit it (if you can) (0)

Anonymous Coward | more than 6 years ago | (#22369026)

Maybe you're right but I was always very concerned about randomness of my random numbers, to the extent that when my friend explained some of the flaws of .NET's Random class' implementation, I rolled my own for the project we've been working on.

After all random numbers are supposed to be *random*.

Re:then exploit it (if you can) (1)

aliquis (678370) | more than 6 years ago | (#22369120)

Kinda hard to make some if nothing in our world is truly random. Or is anything? Would be cool if there was an algorithm for the past, present and future of the whole universe and everything within ;D

Re:then exploit it (if you can) (4, Informative)

maxwell demon (590494) | more than 6 years ago | (#22369406)

Kinda hard to make some if nothing in our world is truly random. Or is anything?

Quantum mechanics delivers true randomness, at least according to the standard interpretation.

Re:then exploit it (if you can) (2, Interesting)

argiedot (1035754) | more than 6 years ago | (#22369608)

Or by using radiation (If I remember high school science): http://www.blackcatsystems.com/GM/random.html [blackcatsystems.com]

Re:then exploit it (if you can) (1)

evanbd (210358) | more than 6 years ago | (#22370444)

Resistor thermal noise [wikipedia.org] is also inherently quantum in origin, and much easier to measure. All it takes is a resistor, a good analog amplifier, and an A/D converter -- which could all fit on a single piece of silicon if you wanted.

Re:then exploit it (if you can) (5, Funny)

orgelspieler (865795) | more than 6 years ago | (#22370152)

I wrote a program like that once. It kept on outputting 42.

Re:then exploit it (if you can) (1, Funny)

Anonymous Coward | more than 6 years ago | (#22370740)

So did I:

10 PRINT "42"
20 GOTO 10

Re:then exploit it (if you can) (5, Informative)

digitig (1056110) | more than 6 years ago | (#22369168)

If you're working at the level where a friend has to explain the weaknesses in a PRNG class, one you roll yourself is highly unlikely to be better. There are many algorithms out there that have been very thoroughly analysed and explored by experts, and there's going to be one out there that's easy to find and better than your hand-rolled one. And, of course, what counts as "weaknesses" depends on the application. A PRNG that's great for Monte-Carlo simulation may be too predictable for cryptography. A PRNG that's sufficiently hard to predict for cryptography may be too slow for Monte-Carlo simulation.

Re:then exploit it (if you can) (1)

that this is not und (1026860) | more than 6 years ago | (#22370308)

True, but if you roll one yourself, the P in PRNG no longer has a second meaning of 'predictable.'

Re:then exploit it (if you can) (2, Insightful)

digitig (1056110) | more than 6 years ago | (#22370514)

True, but if you roll one yourself, the P in PRNG no longer has a second meaning of 'predictable.'
It does if you don't do it right, and you're unlikely to do it right unless you're a cryptographic expert. Just because your algorithm isn't published doesn't mean a competent codebreaker won't be able to crack it: http://en.wikipedia.org/wiki/Security_through_obscurity

Re:then exploit it (if you can) (0)

Anonymous Coward | more than 6 years ago | (#22370612)

This is a pseudo-RNG, not a RNG.

It is not random. Just nearly.

Re:then exploit it (if you can) (4, Informative)

Jugalator (259273) | more than 6 years ago | (#22369650)

if you think it's a problem, exploit it
http://www.securityfocus.com/bid/27647

Re:then exploit it (if you can) (4, Informative)

Jugalator (259273) | more than 6 years ago | (#22369674)

Wow, Slashdot ate my whole comment besides that link... A bug?

Anyway, besides rudely just posting a link like that in response, I was going to say that proof-of-concept code has at least already been published, and his point is that FreeBSD, NetBSD, DragonFlyBSD have fixes available. Apple is currently working on a fix for OS X. OpenBSD is not planning to fix this. More info can be found in my parent link.

Re:then exploit it (if you can) (2, Insightful)

alexhs (877055) | more than 6 years ago | (#22370358)

Wow, Slashdot ate my whole comment besides that link... A bug?
A bug indeed, and it is yours, apparently you can't code in HTML :P
You probably did a typo in a closing tag. Anyway, there's a reason why we have a "preview" button ;)

Re:then exploit it (if you can) (0)

Anonymous Coward | more than 6 years ago | (#22370478)

haha

"r00t"

Uh what (4, Insightful)

Brian Gordon (987471) | more than 6 years ago | (#22368968)

Is the summary just supposed to be as shocking as possible? How about some details on why specifically they decided not to patch it?

Re:Uh what ... yeah (1, Insightful)

cloricus (691063) | more than 6 years ago | (#22369006)

I like the part where if some company, say Apple, does fix it BSD sports fans can't automatically get the fix because, hey, the BSD license!

That's right, I'm trolling BSD users because their idea of Free Software has a flaw, and it'd be nice for them to realise it once in awhile. This is instead of their constant trolling of the GPL (and compatible) while pretending their perception is perfect. And I'm no coward in saying it.

Re:Uh what ... yeah (2, Interesting)

teh kurisu (701097) | more than 6 years ago | (#22369046)

If BSD used the GPL, then Apple still wouldn't be providing a fix, because they wouldn't be using OSS at all. Neither licence is better than the other in this regard.

I don't agree with the trolling from either camp. The licence you release your code under is a matter of personal choice.

Re:Uh what ... yeah (2, Interesting)

cloricus (691063) | more than 6 years ago | (#22369104)

Because that is why they aren't using webkit, apache, samba, cups (or employ the guy who writes it), and several others in their default install.

While I would agree with you on the matter of trolling it really gets old when BSD users trumpet it constantly where-as in my experience GPL supporters tend to realise there are limitations. Of course I'm sure it is seen the same way across the bridge.

Re:Uh what ... yeah (3, Interesting)

Richard_at_work (517087) | more than 6 years ago | (#22369382)

Webkit is LGPL, Apache is under the Apache license, Samba is under the GPL and CUPS (sourcecode copyright, company name and other tangibles) was purchased by Apple a year ago this month (as well as hiring the main developer).

Out of the four items you mention, only one is GPL. You could have done much better to suggest such examples as GCC et al.

The great thing about the BSD license, is that when people do contribute back (and they do, even big companies like Apple), you know it's because they *want* to, not because they *have* to.

Re:Uh what ... yeah (0)

Anonymous Coward | more than 6 years ago | (#22370404)

The great thing about the BSD license, is that when people do contribute back (and they do, even big companies like Apple), you know it's because they *want* to, not because they *have* to.


What freakin' difference does that make?

Re:Uh what ... yeah (1)

printman (54032) | more than 6 years ago | (#22370620)

Um, CUPS is GPL2/LGPL2. Apple used CUPS for 5 years before they bought it...

Re:Uh what ... yeah (2, Informative)

saleenS281 (859657) | more than 6 years ago | (#22369680)

Great argument, except none of the above are essential to their operating system, which is why they picked them up with a gpl license. It doesn't really matter if the source to any of those are shared or not.

Oh, and captain hater, last time I checked, the fix would be shared [apple.com] .

Re:Uh what ... yeah (1)

SuperBanana (662181) | more than 6 years ago | (#22370550)

Because that is why they aren't using webkit, apache, samba, cups (or employ the guy who writes it), and several others in their default install.

....none of which touch proprietary hardware or deal with DRM.

Re:Uh what ... yeah (2, Insightful)

molarmass192 (608071) | more than 6 years ago | (#22369576)

... and if Apple wasn't using OSS at all, I'd bet that they'd be selling quite a few less laptops and desktops. I know I wouldn't have bought three laptops over the past 2 years. I also know several people who would not have gone the OS X route. GCC / FreeBSD / GNU are very strong selling points for Apple that they didn't have with OS 9. On that note, I think you're right to a large extent, if it came down to a choice between the GPL or closed source, I have a gut feeling Apple would have tried the close route. The BSD license gives them flexibility to release source if and when they want.

Re:Uh what ... yeah (1)

larry bagina (561269) | more than 6 years ago | (#22370776)

Is GNU a strong selling point for using *BSD? gcc, gdb, bison, bash, as, emacs, groff, make, and tar are the only OS X GNU command line tools I can find.

Re:Uh what ... yeah (1)

Sancho (17056) | more than 6 years ago | (#22369080)

People have different opinions on how things should be. When it's their license and their code, they get to decide. Nonetheless, maybe you should contact the Open Source Initiative. They're an organization which collects licenses and "certifies" them as to their openness. BSD's license is listed as open source.

http://www.opensource.org/licenses/bsd-license.php [opensource.org]

Re:Uh what ... yeah (2, Insightful)

cmaxx (7796) | more than 6 years ago | (#22369128)

Nuhuh. This is because the BSD license is semantically freer than GPL in precisely this case:

Apple are free to release their putative fix to the community, or not - their free choice. That's one more freedom, relative to being obliged to release any changes they make which lead to a binary release outside of Apple, which the GPL would oblige.

There are plenty of folk who see that as a feature not a flaw.

Re:Uh what ... yeah (1)

timrichardson (450256) | more than 6 years ago | (#22369158)

And besides, if computing moves away from code executing on local CPUs and onto central servers to be accessed by web clients (the "cloud"), then even GPL code modified by, for example, Google is not distributed, so the patches are not mandatorily available under GPL either.

Re:Uh what ... yeah (1)

tixxit (1107127) | more than 6 years ago | (#22370366)

Yeah, that's true, though the FSF does provide another license to handle web services [fsf.org] that authors can use instead.

Re:Uh what ... yeah (2, Informative)

larry bagina (561269) | more than 6 years ago | (#22370812)

It's not compatible with GPL 2. It's not compatible with GPL 3. The googles of the world are already using GPL (2 or 3) software and won't be affected.

Re:Uh what ... yeah (1)

aliquis (678370) | more than 6 years ago | (#22369194)

It's both more and less freedom, depending on if you are the developer or the user. There are benefits of both, even though as I see the BSD alternative as more "free" even though it doesn't guarantee the freedom.

Re:Uh what ... yeah (3, Insightful)

Goaway (82658) | more than 6 years ago | (#22369810)

Being given something is not a freedom. It may be a good thing, but stretching the definition of "freedom" to include that renders the term almost entirely meaningless.

Don't conflate "things you want" with "freedom", please.

Re:Uh what ... yeah (0, Troll)

RedK (112790) | more than 6 years ago | (#22370040)

Apple are free to release their putative fix to the community, or not - their free choice. That's one more freedom, relative to being obliged to release any changes they make which lead to a binary release outside of Apple, which the GPL would oblige.

There are plenty of folk who see that as a feature not a flaw.
Your view of the freedom offered by the GPL is flawed my little BSD troll. How you managed to get that high of a score on your post shows how many of the little devils have moderation points today.

The GPL isn't about developer freedom, it's about the code's freedom. No matter who decides to pick up and distribute a fork of your project, your users are always sure the source will remain open if the corporate entity decides that it no longer wants to distribute its forks. Hence, they are assured that the modifications done over time are always available and can be included in the main tree of your project if need be.

There are plenty of folk who see that as a feature, not a flaw.

Re:Uh what ... yeah (1)

x_MeRLiN_x (935994) | more than 6 years ago | (#22370402)

Speaking of moderator abuse, it might be healthy for you to realise that people with a difference of opinion aren't trolls.

Re:Uh what ... yeah (2, Insightful)

ShieldW0lf (601553) | more than 6 years ago | (#22370434)

It's about the developers freedom and the users freedom. The developer is free of leverage, and can act as they wish. The user is free of leverage, and can act as they wish. They're not allowed to use the legal system to enforce leverage around the code, obviously. But that doesn't prevent them doing anything they wish with the code, it just prevents them being bastards via the legal system.

Re:Uh what ... yeah (1)

FeepingCreature (1132265) | more than 6 years ago | (#22370128)

I'd argue that while the BSD license gives more freedom to the individual user of the licensed code, the GPL license generates more "overall" freedom :)

As usual, a long-standing debate comes down to semantics.

  --feep

Re:Uh what ... yeah (1)

someone1234 (830754) | more than 6 years ago | (#22370378)

For Apple it is a good feature, for the rest of the world it is either a flaw or they don't care.
I personally don't care :)

Re:Uh what ... yeah (1)

aliquis (678370) | more than 6 years ago | (#22369178)

What says Apple wouldn't release the source code of the patch just because they don't have to?

GPL has the same flaw, ya know. (2, Insightful)

Animaether (411575) | more than 6 years ago | (#22369400)

say Google fixes something in a GPLed project that they're -not- distributing. Then GPL fans can't automatically get the fix because, hey, the GPL license*!

( * which only says something about making the code, and thus the fix, available if the code, or compiled version thereof, is distributed. )

The difference is trivial, isn't it. In both cases an existing fix would not automatically be contributed back.

Re:Uh what ... yeah (1)

maxwell demon (590494) | more than 6 years ago | (#22369440)

Well, given that the other free BSDs already fixed it, non-availability of the source obviously isn't the problem here.

Re:Uh what ... yeah (1)

nurb432 (527695) | more than 6 years ago | (#22369452)

Licensing choices have nothing to do with this.

Re:Uh what ... yeah (0)

Anonymous Coward | more than 6 years ago | (#22369524)

Don't like the idea of people being free enough to do something you don't like? Ya want them just free enough to work and then be forced to let you have the fruits of that work? Simply because it "benefits" you? What are you, some kinda 21st century flower child? If you want a driver write a damn driver. And put your tin cup away.

Re: Uh what (4, Informative)

Dolda2000 (759023) | more than 6 years ago | (#22369048)

I'm no security expert and I don't know anything about the attack vectors that he claims, so maybe I shouldn't say too much, but I do know this: TFA mentions that the PRNG is used for such fields as DNS transaction IDs and IP header fragment IDs, and these fields were never even meant to be random from the beginning. Verily so, TFA even says that {Free,Net}BSD don't even use the PRNG by default, but uses sequential numbers unless a certain sysctl is tweaked.

Thus, it is my guess that even if the attack vectors are deemed serious enough, the OpenBSD team has decided that it doesn't matter, since these protocols were never designed for security anyway, and that one should use DNSSEC and/or IPSEC (or TLS) if one actually wants to be secure (it does raise the question as to why they decided to use a PRNG for those fields from the beginning, though). My second guess is that they don't even consider the attack vectors serious, though, since they probably require a cracked router to be effective anyway.

Indeed, if they do require a cracked router, then I don't see the issue to begin with. One of the attacks was that the attacker could inject data into a TCP stream and such things, and if he has a router cracked, then I'm pretty sure he could forge all the data he wants anyway, without using any particular software attack at all, and likewise with DNS data.

Re: Uh what (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22369098)

What if the router is OpenBSD?

Re: Uh what (1)

Dolda2000 (759023) | more than 6 years ago | (#22369256)

Yeah, what if? It's not as if any of these attack vectors would let you compromise a system, at least not by themselves.

Re: Uh what (2, Informative)

Anonymous Coward | more than 6 years ago | (#22369280)

The idea behind the suggested attack vector is to find a way of sending matching packets *without* sitting in the path of the data. If you can guess certain values which the server will send to other hosts with a high probability and do so just by looking at packets which the server sends as answers to your requests, then you can spoof packets and other hosts will accept your misleading payloads as though they were coming from the server.

Re: Uh what (1)

Dolda2000 (759023) | more than 6 years ago | (#22369366)

Really? If that is truly so, then I'd argue that that is what is the actual security flaw, and not the non-randomness of the IDs. For sure, you won't be able to carry out any of the IP attacks that way, since fragment IDs are local to the sending host. To be honest, I didn't understand how the DNS vulnerability worked to begin with (I didn't see it being explained anywhere), so I can't make any statements about it, though.

Re: Uh what (0)

Anonymous Coward | more than 6 years ago | (#22369562)

Actually, forget that. You want to send a reply to a request packet that someone else got from the server. It doesn't make sense the other way around. You need to guess what the server sent to the other host so that you can reply accordingly. If you can guess the value that the server sends and expects back in the valid response, and send an answer before the true answer arrives, you can poison DNS.

Re: Uh what (4, Informative)

Smallpond (221300) | more than 6 years ago | (#22369574)

The reason that they weren't designed to be secure is that no one had thought of the "DNS poisoning" attack when the protocols were designed. If they had, they would have made the ID field longer. Since it is only 16 bits, I doubt that there is any very secure way of protecting someone from guessing the next value. The paper describes a method of narrowing it down to 8 possibilities by doing ~10^9 calculations.

The exploit described in the paper doesn't require a cracked router, just a malicious website. Once you can inject fake DNS entries for bankofamerica.com or ebay.com on some ISP's DNS server, the exploit has paid for itself.
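An added example, not part of the comment above or of any BSD project's code: a resolver-side check in Python for the off-path ID guessing this thread describes, run over constructed events. The event format, the function names, the timeout and the alert threshold are assumptions; the threshold is kept below the "8 possibilities" figure quoted above, since a guesser that good leaves only a handful of wrong IDs behind.

```python
from dataclasses import dataclass, field

ID_SPACE = 2 ** 16  # the DNS transaction ID is a 16-bit field


def blind_hit_probability(spoofed_replies, candidates=ID_SPACE):
    """Chance that one of N distinct guessed IDs matches the outstanding query."""
    return min(1.0, spoofed_replies / candidates)


@dataclass
class Pending:
    txid: int
    sent_at: float
    wrong_ids: list = field(default_factory=list)


def analyse(events, timeout=2.0, threshold=3):
    """Flag queries whose answers were preceded by several wrong-ID replies.

    events: ("Q"|"R", time, server_ip, local_port, qname, txid).
    timeout and threshold are assumed values, not taken from any resolver.
    """
    pending = {}   # (server_ip, local_port, qname) -> Pending
    findings = []
    for kind, ts, ip, port, qname, txid in sorted(events, key=lambda e: e[1]):
        key = (ip, port, qname.lower())
        if kind == "Q":
            pending[key] = Pending(txid, ts)
            continue
        query = pending.get(key)
        if query is None or ts - query.sent_at > timeout:
            # Nothing outstanding: a late or duplicate answer. After an
            # accepted reply this is often the genuine server's response.
            findings.append(("unsolicited", qname, 0))
            continue
        if txid != query.txid:
            # Right source, port and name but wrong ID: a guess, or noise.
            query.wrong_ids.append(txid)
            continue
        # The ID matches, so a resolver would accept this reply.
        if len(query.wrong_ids) >= threshold:
            findings.append(("match_after_mismatches", qname, len(query.wrong_ids)))
        del pending[key]
    # Queries still unanswered but showered with wrong IDs.
    for (_, _, qname), query in pending.items():
        if len(query.wrong_ids) >= threshold:
            findings.append(("guessing_no_match", qname, len(query.wrong_ids)))
    return findings


# Constructed sample events (documentation addresses and names, not real traffic).
SERVER = "192.0.2.53"
EVENTS = [
    ("Q", 0.000, SERVER, 53001, "www.example.com", 0x1A2B),
    ("R", 0.020, SERVER, 53001, "www.example.com", 0x1A2B),    # clean answer
    ("Q", 1.000, SERVER, 53002, "login.example.net", 0x7788),
    ("R", 1.002, SERVER, 53002, "login.example.net", 0x7781),  # wrong ID
    ("R", 1.003, SERVER, 53002, "login.example.net", 0x7783),  # wrong ID
    ("R", 1.004, SERVER, 53002, "login.example.net", 0x7786),  # wrong ID
    ("R", 1.005, SERVER, 53002, "login.example.net", 0x7788),  # accepted
    ("R", 1.030, SERVER, 53002, "login.example.net", 0x7788),  # duplicate
    ("Q", 2.000, SERVER, 53003, "mail.example.org", 0x0042),
    ("R", 2.001, SERVER, 53003, "mail.example.org", 0x0040),   # wrong ID
    ("R", 2.002, SERVER, 53003, "mail.example.org", 0x0041),   # wrong ID
    ("R", 2.015, SERVER, 53003, "mail.example.org", 0x0042),   # below threshold
    ("Q", 3.000, SERVER, 53004, "shop.example.com", 0xBEEF),
    ("R", 3.001, SERVER, 53004, "shop.example.com", 0x1111),
    ("R", 3.002, SERVER, 53004, "shop.example.com", 0x2222),
    ("R", 3.003, SERVER, 53004, "shop.example.com", 0x3333),
    ("R", 3.004, SERVER, 53004, "shop.example.com", 0x4444),   # never matched
]

if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(finding)
    print("8 uniform guesses:", blind_hit_probability(8))
    print("8 guesses, 8 candidates:", blind_hit_probability(8, candidates=8))
```

A "match_after_mismatches" finding followed by an "unsolicited" reply for the same name is the pattern worth escalating, because the later duplicate may be the real server's answer arriving after a guessed one was accepted.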

Re:Uh what (5, Interesting)

Zeinfeld (263942) | more than 6 years ago | (#22369050)

Is the summary just supposed to be as shocking as possible? How about some details on why specifically they decided not to patch it?

It is entirely believable to me. Back in 1995 I told Marc Andreessen at Netscape that he had a serious problem with the random number generator used to choose session keys for SSL. There was simply not enough randomness going in for there to be 128 bits going out.

Marc had every reason to listen to me, I had broken SSL 1.0 in ten minutes when he tried to demonstrate it at MIT. But it took several weeks to drill the problem into his thick skull.

So they eventually asked me for a description of how to do the thing right.

A year later the exact same bug was discovered independently. By this time they had hired some competent crypto people. I spoke to Taher about the problem later and his explanation was that they found the design note on the PRNG which was so comprehensive that they didn't think it necessary to check the actual code.

Re:Uh what (0)

Anonymous Coward | more than 6 years ago | (#22369202)

Is the summary just supposed to be as shocking as possible? How about some details on why specifically they decided not to patch it?
It is entirely believable to me.
So they both use pseudo-random numbers! Got it. Since this was fixed 10 years ago at Netscape, everything is OK.

Phew! I was concerned about surfing over to a BSD-based website, but now I know everything is OK. Time to move on.

Re:Uh what (4, Funny)

fulldecent (598482) | more than 6 years ago | (#22369716)

You cracked Marc's 128-bit encryption, but your Slashdot id is 263942. Doesn't add up.

Re:Uh what (5, Funny)

LizardKing (5245) | more than 6 years ago | (#22370468)

That's because he's so l33t he can pick a Slashdot id at random every time he posts.

Re:Uh what (0)

Anonymous Coward | more than 6 years ago | (#22369846)

Is the summary just supposed to be as shocking as possible?


Well, this is SheepDot we're talking about, so... yes?

So much for high security (0, Flamebait)

Eravnrekaree (467752) | more than 6 years ago | (#22368980)

So much for OpenBSD being the highest security OS. Even if the bug is a minor one that does not pose a great risk, it seems that one should still fix it to ensure the system functions properly and as expected. To leave a security bug in place because of an assumption does not make a whole lot of sense and shows a bit of arrogance, when they could just fix it instead. It reminds me of the instance where Microsoft Windows 95 had the problem that even if the user had not explicitly made certain directories accessible via file sharing, all the server did was tell the client not to look at them, but would still let the client access them if it asked. The problem was reported to Microsoft by Samba, who pretty much displayed apathy about the matter and didn't seem to recognise it as a security problem. The OpenBSD bug is not as severe, but when they have a chance to make OpenBSD a little bit more secure, why not take it, especially when their focus is on security.

What?? (1, Insightful)

uuxququex (1175981) | more than 6 years ago | (#22369020)

Are you really comparing OpenBSD to Windows 95? The mind boggles...

The flaw in the PRNG is not exploitable. Not unless you are root on the local machine and have the ability to stop all other processes. If you are root then there is nothing to exploit as you are already, well, root.

So perhaps you should have RTA first? Or were you in a hurry to make a post on front of the list?

Re:What?? (-1, Redundant)

sunami88 (1074925) | more than 6 years ago | (#22369180)

I'll give you the Windows 95 comparison, that is a little nuts.

I do however love the double standard. Microsoft has 1 tiny little local security bug, and if they don't fix it they're the worst and most insecure OS because of it. BSD however, if they say it's not an issue hey, it can't be and therefore will never lead to a larger flaw...

...Right? Pfft, I'm guessing the GP did RTFA and read into it like I did.

Re:What?? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22369430)

You've got it backwards.

You say "OpenBSD is secure, therefore any comparison of OpenBSD to windows 95 is invalid". The GP says "OpenBSD and windows 95 seem to be comparable here, therefore OpenBSD - apparently - is not 100% secure". A priori, the latter makes much more sense; your position can only be reasonably adopted if you already KNOW that OpenBSD is secure. Given that we're talking about a potential flaw in OpenBSD here, such an assertion would amount to circular reasoning.

You say that the flaw "is not exploitable". On what basis are you claiming this? Can you back up your claim somehow? Did you examine the source code or investigate possible attack scenarios? Are you an OpenBSD developer?

The answer to all the above is "no", of course. You do not know that the flaw is not exploitable; you merely have formed an opinion on OpenBSD's supposedly perfect security already and cannot stand the cognitive dissonance created by having to admit it might not be; therefore, you're forced to make claims such as this in the hopes that someone else who's suffering from the same problem(s) will mod you up.

But of course, that need not concern me, the GP, or anyone else - we don't care about your personal problems. All that matters to us is that until we have, at the very least, strong evidence that this flaw cannot possibly be exploited, we are going to treat it as if it can be. And even in the face of such evidence, we are still going to assert that it's better to be careful and that even a flaw that you currently believe cannot be exploited should be patched - after all, nobody is perfect.

It's better to be vigilant, and the OpenBSD developers should be the first to agree to that.

Re:What?? (4, Informative)

Jugalator (259273) | more than 6 years ago | (#22369624)

The flaw in the PRNG is not exploitable. Not unless you are root on the local machine and have the ability to stop all other processes.
Wait.. what?

This could potentially provide a platform for attacks involving prediction of IP sequences and thus TCP data injection attacks.

Where is a local machine access required for that? It could provide attacks on the network traffic itself, by merely knowing which operating systems are involved in it.

If the OpenBSD devs say it isn't a security flaw.. (-1)

Anonymous Coward | more than 6 years ago | (#22369078)

If the OpenBSD developers say this isn't a security concern, I've got 100% confidence that they are correct. Based on their past track record concerning the development of the most secure, yet featureful, operating system in existence, we've got no reason to disbelieve them.

Re:If the OpenBSD devs say it isn't a security fla (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22369102)

>If the OpenBSD developers say this isn't a security concern, I've got 100% confidence that they are correct.

I see you don't remember how OpenBSD developers downplayed remote root vulnerability in mbuf code, until COREsecurity gave them working exploit :].
And this is that mega randomness with what OpenBSD team was so proud :] LOL.

Re:So much for high security (4, Insightful)

norton_I (64015) | more than 6 years ago | (#22369090)

If it isn't actually a security risk (I have no idea if it is or not), the most secure thing to do is to not "fix" it. Changing code always carries the risk of introducing security problems.

The OpenBSD guys are pretty defensive about security. If they say it is not a problem, I am inclined to believe them.

Re:So much for "Pro-*NIX" security perfection, eh? (0)

Anonymous Coward | more than 6 years ago | (#22369652)

"The OpenBSD guys are pretty defensive about security. If they say it is not a problem, I am inclined to believe them." - by norton_I (64015) on Sunday February 10, @08:35AM (#22369090)
I'm not, & here is why:

----------------

http://it.slashdot.org/comments.pl?sid=448136&threshold=-1&commentsort=0&mode=thread&no_d2=1&pid=22369078#22369102 [slashdot.org]

"I see you don't remember how OpenBSD developers downplayed remote root vulnerability in mbuf code, until COREsecurity gave them working exploit :]. And this is that mega randomness with what OpenBSD team was so proud :] LOL."

----------------

Take a read of that, & the "sheer perfection" of those self same "OpenBSD guys" you speak of...

(& also, didn't Microsoft have the SAME PROBLEM, & patched it already (as regard RND generation on Windows XP/Server 2003/VISTA))?

Good Lord - don't tell the "Pro-*NIX" crowd here that, that MS did a better job of security than the BSD crowd has... after all: They might "pitch a shit fit" lol...

The truly hilarious part is watching the "local Penguins/BSD-Apple-MacOS X people" here (what I call the "Pro-*NIX" movement here @ /.) go into a 'tizzy' trying to 'explain it away' when THEIR OS' "of choice" turn up stuff that others have (mainly MS) before, & especially IF they already patched for it (MS has).

NOW, in respect of decency & fairness (no more "ribbing" on the 'Pro-*NIX' crew here on this site now):

Guys, face it: NOBODY is "perfect" - not the OpenBSD camp (or any *NIX variant) devs, OR, the folks from MS too...

This stuff is evolving guys, & thank goodness, mostly in security the past 1-4 yrs. now, & I.E.-> We are STILL in the "Wild West" days of computing & the internet guys!

(& it is GOOD that guys out there do find these things - we, as the end users, gain (as long as the dev teams concerned don't just "blow this stuff off" as the BSD folks apparently are - funny, the MacOS X folks, which IS a BSD derivant/offshoot, don't take it as "non-seriously" & intend to patch it, vs. the OpenBSD camp 'blowing it off', eh?))

Re:So much for high security (-1)

Anonymous Coward | more than 6 years ago | (#22369212)

"So much for OpenBSD being the highest security OS." - by Eravnrekaree (467752) on Sunday February 10, @08:08AM (#22368980)
And, any other BSD variants/offshoots - like MacOS X!

(The TRULY hilarious part, will be seeing the "spins" the folks who espouse/champion these BSD variants, especially vs. Windows, which iirc, Microsoft HAS patched their hassles with this, a long while back now, no less!)

Will wonders NEVER cease, lol... The "Pro-*NIX" crowd, proved wrong, YET AGAIN, @ this site, especially.

Re:So much for high security (2, Informative)

martinlp (904606) | more than 6 years ago | (#22369744)

The OpenBSD bug is not as severe, but when they have a chance to make OpenBSD a little bit more secure, why not take it, especially when their focus is on security.

OpenBSD's argument is that a patch would not make it more secure... so your point is moot.

Why this is so bad: DNS cache poisoning (2, Informative)

Anonymous Coward | more than 6 years ago | (#22368994)

DNS cache poisoning [wikipedia.org]

OpenBSD secure?! (4, Interesting)

darkob (634931) | more than 6 years ago | (#22369032)

This most certainly WILL have an impact on OpenBSD's status as a "secure" OS. Indeed, OpenBSD claims to have a "proactive" approach towards security, whereas this issue should and will diminish some of OpenBSD's "security goodwill".

Re:OpenBSD secure?! (0)

Anonymous Coward | more than 6 years ago | (#22369368)

I run just over 150 OpenBSD servers at work. Web servers, mail servers, DNS servers, FTP servers, you name it. I run three more OpenBSD servers at home, and my other two desktops are running OpenBSD.

They are all susceptible to this "security glitch". But I'm not worried at all. The OpenBSD developers say this isn't an issue, and I trust their judgment. The fact that they've looked at this issue and determined it not to be a security risk shows to me that they're responsible and performing their craft with the utmost of care.

Re:OpenBSD secure?! (0)

Anonymous Coward | more than 6 years ago | (#22369570)

Do you trust them when they say the mbuf bug isn't exploitable? You know, the one with a working exploit published?

Alternative submission (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22369096)

Here's my alternative restatement of the submission:

"Last fall Amit Klein found a problem with PRNG that is completely irrelevant in the real world.

The same flavor of this PRNG is used in other places like the OpenBSD kernel network stack. Several other BSD operating systems copied the OpenBSD code for their own PRNG. OpenBSD's coordinator stated, in an email, that OpenBSD is completely uninterested in the problem. OpenBSD decided not to fix it. Apple refused to provide any schedule for a fix.

However, Amit Klein continues to claim that it is a serious weakness. This was highlighted recently when Amit Klein posted to the BugTraq list. All the above-mentioned vendors were contacted in November 2007."

Re:Alternative submission (2, Insightful)

yakumo.unr (833476) | more than 6 years ago | (#22369272)

If flawed, predictable PRNG code is so 'irrelevant in the real world' why does even Microsoft seek to improve upon it?

"Strengthens the cryptography platform with a redesigned random number generator, which leverages the Trusted Platform Module (TPM), when present, for entropy and complies with the latest standards. The redesigned RNG uses the AES-based pseudo-random number generator (PRNG) from NIST Special Publication 800-90 by default. The Dual Elliptical Curve (Dual EC) PRNG from SP 800-90 is also available for customers who prefer to use it."

Overview of Windows Vista Service Pack 1 [microsoft.com]

Though this question obviously will depend on how MS's previous PRNG implementation stacks up against OpenBSD's.

Re:Alternative submission (1)

Zeinfeld (263942) | more than 6 years ago | (#22369664)

If flawed, predictable PRNG code is so 'irrelevant in the real world' why does even Microsoft seek to improve upon it?

Because they have like six Turing award winners working for them including Butler Lampson? Of the top fifty people in network security you will find about a quarter work for Microsoft, more than for any other company, including IBM, RSA and VeriSign. They have the cash and they use it to buy the best.

Microsoft's problem is that you can't buy your way out of a shitty legacy code base in a short space of time.

Microsoft changed the RNG code to take advantage of hardware that provides a true random number generator. This was pretty much a no-brainer. Support for the AES modes is probably there so that they get some FIPS certification or other.

Re:Alternative submission (1)

innerweb (721995) | more than 6 years ago | (#22369704)

which leverages the Trusted Platform Module (TPM)

I smell marketing droid oil. I do favor fixing security issues, but as soon as the TPM becomes involved, rational assumptions vanish. MS has a history of *fixing* things to include new technologies they are having a hard time pushing. TPM is a huge technology for them that they have had an incredibly difficult time pushing. Microsoft needs this technology to win for their game plan to succeed. Trusted Computing in general and remote control of customer PCs is a huge win for them for everything from piracy to open source to media. If they can lock the hardware and software together, excluding things like *nix, then they win. That does not discount the need to fix security issues, but there are other huge benefits for Microsoft to fix this issue if it utilizes TPM as the solution.

InnerWeb

Using hardware to assist a PRNG =!= lock-in (1)

SEMW (967629) | more than 6 years ago | (#22370614)

Ummm, no. Read the GP again: "...leverages the Trusted Platform Module (TPM) when present". That means it still works without the TPM, but presumably has to use other and non-hardware sources of entropy (e.g. hashes of time(NULL), thread ID, tick count, CPU performance counters, etc.).

Your assertion that using hardware to reduce the determinism and thus reduce the predictability of a PRNG must be some sort of strategy to lock hardware and software together betrays an ignorance of the problems that computer PRNGs are facing and have always faced. Read some of the other posts.

Re:Alternative submission (0)

Anonymous Coward | more than 6 years ago | (#22369774)

You seem to be confused, this isn't a problem with /dev/urandom, this is a "problem" with DNS transaction IDs. RTFA.

Of course a weakness in /dev/urandom would be critical, this non-issue is trivial at best.

Oh for Bob's sake! (2, Insightful)

Chas (5144) | more than 6 years ago | (#22369146)

When the PRNG in WINDOWS is shown to be vulnerable (because it's actually a static value), it's a horrendous problem.

But when the PRNG for a non-MS operating system is shown to have a similar (but not identical) problem, it's "irrelevant"?

Troll? Redundant? (1)

Chas (5144) | more than 6 years ago | (#22369956)

Why? I simply point out that a neighbor is partaking of the same nasty behavior he castigates me for...

OpenBSD vulnerability report (0)

Anonymous Coward | more than 6 years ago | (#22369162)

When the OpenBSD team receives a vulnerability report, they work VERY HARD to find out how they could DOWNPLAY its severity, instead of just fixing it and submitting errata.

Perception is as important as actuality (2, Insightful)

Alain Williams (2972) | more than 6 years ago | (#22369226)

It is not just good enough to be 'secure in the "real world"' it is also important to be seen and believed to be secure.

Can someone say how hard a fix would be? Surely: for the sake of a bit of work they are committing a public relations blunder!

Re:Perception is as important as actuality (1)

the_B0fh (208483) | more than 6 years ago | (#22369414)

Umm, that's important in corruption, but in a system, you are either exploitable, or you are not exploitable. Perception has no place in it. It doesn't matter if you are perceived either way.

Re:Perception is as important as actuality (1)

Alain Williams (2972) | more than 6 years ago | (#22369986)

Perception is important -- most of the pointy haired types don't really understand the issues; if the competition shouts loudly with noises about ''not wanting to fix a security bug'' they will believe it.

The next thing is that anything *nix or open source is not really interested in security.

Remember that it is easier to lose reputation than to gain it.

Re:Perception is as important as actuality (2, Insightful)

X0563511 (793323) | more than 6 years ago | (#22370716)

I think the real point here, is that the OpenBSD people don't really care what others think. They follow their own drum, for better or for worse.

Nobody forces you to use OpenBSD, and nobody prevents you from patching it yourself. They are entirely in their rights to say "No" even if it is a stupid thing to do.

Re:Perception is as important as actuality (1)

h4nk (1236654) | more than 6 years ago | (#22369660)

well Appendix C sorta lays it out pretty plainly and if I understand this correctly - and I may very well not - I would say the easiest fix may be to shorten the lifetime of the key used by PRNG to something incredibly short or do away with it altogether.

Re:Perception is as important as actuality (1)

spidr_mnky (1236668) | more than 6 years ago | (#22369886)

This is OpenBSD we're talking about. They are far from number one in usage statistics, and I don't see a lot of proselytization from their camp. Their glorious leader, if you recall, was asked to leave another project because he was unbearable to work with. They implemented more secure memory functions that initially broke a lot of software. They don't seem likely to take the path of least resistance. Of course, I'm not a member of their team, but I get the idea that they focus on providing the best product possible for those who want a very secure system, not on giving out warm fuzzies. "Free, Functional, & Secure" is their mantra -- not necessarily popular.

XYZ Attacks were also unthinkable a while ago. (2, Informative)

burni (930725) | more than 6 years ago | (#22369252)

I am sorry for this vague subject, but I can't remember the exact topics or incidents anymore, but there were numerous even mentioned on slashdot.

But I wanted to show that most of today's security threats were first perceived as hard to use or totally unthinkable, even minor security problems which later were updated to the status of a serious threat, because the first look turned out to be wrong.

So when developers commit themselves to build the most secure OS, and then on the other hand show such no-interest in fixing this topic, or just review the *BSD solution and paste it into the OpenBSD source tree with their background, I can only say this behaviour is untrustworthy.

Random not just security (1)

jvlb (636475) | more than 6 years ago | (#22369312)

While, understandably, the focus here has been on security, it should be remembered that random number generation is useful in other mathematical endeavors, as well. It is slovenly to just walk away from fixing it.

Strike 2, OpenBSD. (5, Insightful)

Neillparatzo (530968) | more than 6 years ago | (#22369334)

OpenBSD is on a fast track to losing its most favored secure OS status if they keep this up.

First they refused to implement WPA (despite the other BSDs having it), because it "doesn't provide real security" and "just use IPSEC".

Now they're refusing to address a weakness in their network stack (despite the other BSDs addressing it), again with the implication that everybody should just jump to IPSEC. What if you're in a situation where an IPSEC rollout is impractical or impossible?

Whatever happened to defense in depth? Whatever happened to "secure by default"? Whatever happened to constructive paranoia, such as randomizing of libc addresses, that was unlikely to have any real impact on security but was a nice extra, just in case? Why must I now upgrade to NetBSD to get security features that are lacking in OpenBSD? Isn't the shoe on the wrong foot?

What happened? Was there a change of management? Is OpenBSD under the thumb of a douchebag patch manager lately? Is this going to go away at some point? Those of us that sleep with OpenBSD firewalls like a gun under our pillow are taking notice.

Re:Strike 2, OpenBSD. (2, Insightful)

the_B0fh (208483) | more than 6 years ago | (#22369434)

And they care about your notice why?

Re:Strike 2, OpenBSD. (1)

argiedot (1035754) | more than 6 years ago | (#22369806)

They aren't, that's what GP was complaining about.

Re:Strike 2, OpenBSD. (3, Insightful)

Anonymous Coward | more than 6 years ago | (#22369702)

First they refused to implement WPA (despite the other BSDs having it), because it "doesn't provide real security" and "just use IPSEC".

Umm, they're completely correct to take this stance. WPA is far inferior to IPSEC, security-wise. It's OpenBSD's job to help insulate you from insecure technologies. We could easily say, "Just because FreeBSD allows one-character passwords, OpenBSD should, too!" And you know what? We'd be wrong to think in that way.

What happened? Was there a change of management? Is OpenBSD under the thumb of a douchebag patch manager lately? Is this going to go away at some point? Those of us that sleep with OpenBSD firewalls like a gun under our pillow are taking notice.

What happened? Nothing happened. The OpenBSD team members are performing their task perfectly. They are computer security experts who have considered this problem, and found it to not be the issue that some others think it is. So they're doing the responsible thing, and not making willy-nilly changes to their codebase for the sake of a "security glitch" that really doesn't exist.

Theo is slow to change, but he will. (5, Interesting)

argent (18001) | more than 6 years ago | (#22370146)

Theo has refused to implement other 'foreign' security changes in OpenBSD when they were first introduced, then turned around and implemented them after a while. He was contemptuous towards non-execute stacks when I spoke with him at Usenix many years ago, because he was convinced OpenBSD's code review policy made it irrelevant and because no-execute didn't stop all stack smashing attacks... but OpenBSD eventually picked it up.

Basically, he's very conservative, very resistant to change, and don't forget that's one of the things that made OpenBSD what it was to begin with... but if it really matters he'll come around.

OpenBSD won't fix? (1)

nurb432 (527695) | more than 6 years ago | (#22369468)

"OpenBSD is completely uninterested"

What you really mean is 'Theo doesn't use this feature, so it can't possibly be important to anyone else in the world'. OBSD is a one man show.

OpenBSD is Dying (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22369558)

It is now official. Netcraft confirms: *BSD is dying

One more crippling bombshell hit the already beleaguered *BSD community when IDC confirmed that *BSD market share has dropped yet again, now down to less than a fraction of 1 percent of all servers. Coming on the heels of a recent Netcraft survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as fittingly exemplified by failing dead last [samag.com] in the recent Sys Admin comprehensive networking test.

You don't need to be the Amazing Kreskin [amazingkreskin.com] to predict *BSD's future. The handwriting is on the wall: *BSD faces a bleak future. In fact there won't be any future at all for *BSD because *BSD is dying. Things are looking very bad for *BSD. As many of us are already aware, *BSD continues to lose market share. Red ink flows like a river of blood.

FreeBSD is the most endangered of them all, having lost 93% of its core developers. The sudden and unpleasant departures of long time FreeBSD developers Jordan Hubbard and Mike Smith only serve to underscore the point more clearly. There can no longer be any doubt: FreeBSD is dying.

Let's keep to the facts and look at the numbers.

OpenBSD leader Theo states that there are 7000 users of OpenBSD. How many users of NetBSD are there? Let's see. The number of OpenBSD versus NetBSD posts on Usenet is roughly in ratio of 5 to 1. Therefore there are about 7000/5 = 1400 NetBSD users. BSD/OS posts on Usenet are about half of the volume of NetBSD posts. Therefore there are about 700 users of BSD/OS. A recent article put FreeBSD at about 80 percent of the *BSD market. Therefore there are (7000+1400+700)*4 = 36400 FreeBSD users. This is consistent with the number of FreeBSD Usenet posts.

Due to the troubles of Walnut Creek, abysmal sales and so on, FreeBSD went out of business and was taken over by BSDI who sell another troubled OS. Now BSDI is also dead, its corpse turned over to yet another charnel house.

All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS dilettante dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.

Fact: *BSD is dying

Re:OpenBSD is Dying (1)

Epsillon (608775) | more than 6 years ago | (#22370790)

Time to start a new one. This meme got tiring ages ago...

Still Alive, BSD version, sung to the tune of Jonathan Coulton's "Still Alive" from the game "Portal," originally vocalised by Ellen McLain in character as GLaDOS. I be asserting me fair use right of parody, yarr!

This was a triumph,
I'm logging a note here: Huge success,
We had to dummynet the heavy traffic,
BSD Unix (R),
We code what we must because we can,
For the good of all of us,
Including vendors as well,

But there's no sense crying over closed source code,
You just keep debugging 'till the core dumps are old,
And releases get done,
Raymond gets a new gun,
But despite this we are,
Still alive!

I'm not even angry,
I'm being so sincere right now,
Even though we got here first and beat you,
Now you say that we're dying,
And this is the year of Linux' dreams,
As you make statistics up,
We are so happy for you,

Now these points of data made our code really shine,
And we're out of beta, we're releasing on time,
So I'm glad you think you won,
There's so much needs to be done,
But regardless we are,
Still alive!

So go post on Slashdot,
I think I'd prefer to read the lists,
Maybe you'll get your own kernel someday,
Maybe that Hurd thing,
That was a joke, ha ha, fat chance,
Anyway, this code is great,
It's so consistent and neat,

Look at me still gloating when there's -CURRENT to plan,
When it's said and done you'll know that we're the best "clan",
We are organised and clean,
We go where you've never been,
And we'll always be,
Still alive!

Believe me, we are still alive,
We're all legit now and we're still alive,
We're on the server and we're still alive,
We're on the desktop and we're still alive,
We're helping Apple and we're still alive,
We're running routers and we're still alive,
We're on your gateway and we're still alive,
We've got your e-mail and we're still alive,
And when you're dying we'll be still alive,
Still alive,
Still alive!

(I hope you bastards appreciate this; it took me ages to get it to scan properly.)

How many people actually use PRNG? (1)

Secrity (742221) | more than 6 years ago | (#22369646)

PRNG is used mostly by people who don't have a random number generator. PRNG is not needed by most (all?) current Unices and Linux distributions as they have a random number generator at /dev/random and /dev/urandom. Even older versions of Unix have patches that add a random number generator.

Re:How many people actually use PRNG? (0)

Anonymous Coward | more than 6 years ago | (#22369818)

current Unices and Linux distributions as they have a random number generator at /dev/random and /dev/urandom.

Which in the absence of a hardware RNG, are also PRNGs.

Re:How many people actually use PRNG? (2, Interesting)

ivan256 (17499) | more than 6 years ago | (#22370052)

Where do you think the data for /dev/urandom comes from? It's a pseudo-random number generator unless you've got a hardware random number generator, but even that probably uses a pseudo-random algorithm.

Code excerpt for the curious... (5, Funny)

davidbrit2 (775091) | more than 6 years ago | (#22370206)

http://xkcd.com/221/ [xkcd.com] Oh hush, you knew somebody would post it.