Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 27 Apr 2011 03:45:26 +0400
From: Solar Designer <solar@...nwall.com>
To: announce@...ts.openwall.com
Subject: [openwall-announce] GSoC 2011 accepted projects; Summer of Security; new mailing lists

Hi,

As announced previously, Openwall is participating in Google Summer of
Code 2011 (GSoC).  We've accepted 5 great student projects, which I'll
announce below.  However, many more students had applied, and we'd love
to work with some of those who we couldn't accept specifically under the
GSoC program.  Thus, our own Summer of Security program is born:

http://openwall.info/wiki/summer-of-security

This is inspired by similar programs run by some other GSoC mentoring
organizations.  (The name Summer of Security was suggested by Donnie
Berkholz of Gentoo - thanks!)  Initially, we intend to focus on GSoC
students who we would have accepted under slightly different
circumstances, but almost anyone else is welcome to apply (please refer
to the wiki page above for details).  We welcome non-code contributions
as well.

Now, the GSoC students who will work with us this summer, and their
projects (in "ideas page" order):

Vasiliy Kulikov will work on Linux kernel hardening, producing patches
both for latest mainline kernels and for RHEL6/OpenVZ kernels (which
we're going to use in Owl).  Thus, he is to work with LKML, Red Hat, and
OpenVZ folks, as well as with others involved/interested (Ubuntu,
Gentoo, grsecurity/PaX).  As many of you are aware, Vasiliy has been
with Openwall since last year and he intends to stay involved after GSoC
2011, which is important since this project is likely to proceed beyond
the end of summer.  Vasiliy is already starting the work:
http://www.openwall.com/lists/owl-dev/2011/04/23/1

Dhiru Kholia, who had contributed some John the Ripper patches before,
has chosen to work on the "support more non-hashes" task now.  In fact,
he has already implemented a SSH private key passphrase cracker as a JtR
patch (this early implementation is far from clean and is quite limited,
but it's a good start):
http://www.openwall.com/lists/john-dev/2011/04/26/2
http://openwall.info/wiki/john/patches
http://openwall.info/wiki/john/non-hashes

Lukas Odzioba is to work on GPU-accelerated support for "slow" hashes in
John the Ripper.  To get started (and selected for GSoC), he implemented
JtR patches that crack SHA-256 ("fast") and 5000 iterations of SHA-256
("slow") hashes on NVidia GPUs (currently implemented in CUDA).  (As
expected, without changes to JtR core, good efficiency is only achieved
for "slow" hashes.)  Lukas is currently working on phpass hashes.
http://www.openwall.com/lists/john-dev/2011/04/14/3
http://openwall.info/wiki/john/GPU

Yuri Gonzaga is to work on a new password hashing method for servers,
including an FPGA implementation.  He has already implemented bcrypt on
FPGA as his qualification task:
http://openwall.info/wiki/john/FPGA
Project rationale:
http://www.openwall.com/lists/crypt-dev/2011/04/05/2

Luka Marcetic will work with Rich Felker (mentor) to implement standard
C library unit tests, which will be used to test current and future
versions of musl, glibc, and other implementations:
http://openwall.info/wiki/musl/unit-tests
Additions to this wiki page are welcome.
In fact, Luka has already implemented one of the tests as his
qualification task:
http://www.openwall.com/lists/musl/2011/04/14/3
(this code will need to be cleaned up and wrapped in a testing framework).

Many other students contributed code as well.  As I wrote above, we
intend to work with some of them under Summer of Security.

The ideas page has been revised to note which projects are claimed under
GSoC 2011, and to link to mailing list postings and wiki pages with
relevant contributions:

http://openwall.info/wiki/ideas

Then, we've setup three new mailing lists (two of which have already
been indirectly mentioned above): crypt-dev (design and implementation
of a new password hashing method for servers), musl (discussions around
musl, a new standard C library for Linux), and sabotage (discussions
around Sabotage Linux, an experimental distribution based on musl and
BusyBox).  The archives and subscription form are available here:

http://www.openwall.com/lists/

Last but not least, I'd like to thank Google for continuing to sponsor
Open Source projects - and even increasing the budget this year,
accepting as many as 175 mentoring organizations and 1116 students.
Some of the students may get into Open Source specifically due to this
program.  I would also like to thank Nmap, Gentoo, and coreboot
projects (established GSoC mentoring organizations) for the
assistance they have provided us (a new GSoC mentoring organization).

http://google-opensource.blogspot.com/2011/04/students-announced-for-2011-google.html
http://nmap.org
http://www.gentoo.org
http://www.coreboot.org

Did you know that coreboot can embed a Linux kernel+initrd or a
cryptographically enhanced bootloader (GRUB2 with patches) into the
mainboard flash/BIOS chip to get a secure boot without relying on
signature verification code stored on disk?  (I didn't.)

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ