Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 16 Feb 2016 20:45:32 +0300
From: Solar Designer <>
Subject: Re: list of security features in musl

On Thu, Feb 11, 2016 at 08:11:19PM +0100, Szabolcs Nagy wrote:
> - about 'security feature lists':
>   the fedora project lists 'sha256 based passwd hash' in glibc
>   as a security feature[0], that implementation is
>   - a denial of service attack vector (computation depends on
>     key length more than the admin controlled round count).
>   - arch dependent(!), one can craft a passwd entry such that
>     only 32bit machines can log in.

What do you mean here?  32-bit overflow/wraparound with very high
rounds= specification?

>   - unbounded alloca(!) use was fixed in 2012, long after
>     fedora added support for it (the reference implementation
>     in the spec still has the problem, among other issues[1]).
>   - uses arbitrary sized realloc for the global crypt state
>     even though 100 bytes would be enough (checks salt len
>     after reallocation).
>   - not standard conform c code: aligned attribute, alloca,
>     section attribute, undefined behaviour: (tmp - (char *) 0).
>   - meant to be used outside the libc, but secrets are cleared
>     with memset which can be optimized away.
>   (i think there are other issues in this sha256-crypt.c, but
>   the point is: implementation details matter so security check
>   lists should be taken with a grain of salt.)
> [0]:
> [1]:

Another issue is that SHA-crypt leaks 8 bits via timing (total execution
time, not just cache-timing), for no good reason at all (not a tradeoff):

"18. repeast the following 16+A[0] times, where A[0] represents the first
    byte in digest A interpreted as an 8-bit unsigned value

      add the salt to digest DS"

For comparison, bcrypt is not cache-timing-safe, but that's a tradeoff.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.