Linux Crypto Packages Demolished
SiliconEntity writes "Cryptographer and security expert Peter Gutmann has demolished several Linux security software packages in a recent posting to the cryptography mailing list. He says, 'It's possible to create insecure 'security' products just as readily with open-source as with closed-source software. CIPE and vtun must be the OSS community's answer to Microsoft's PPTP implementation. What's even worse is that some of the flaws were pointed out nearly two years ago, but despite the hype about open-source products being quicker with security fixes, some of the protocols still haven't been fixed.'"
When I investigated CIPE for the first time two days ago, I read somewhere on the site that it didn't work yet, or that it provided no security. How can you criticize a package for being insecure when they tell you it is?
Did I miss something?
Except that JWZ already has made a similar comment on this page:
Whenever a programmer thinks, "Hey, skins, what a cool idea", their computer's speakers should create some sort of cock-shaped soundwave and plunge it repeatedly through their skulls.
#1 Links to URLs not on standard ports stink. I'm stuck behind a very strict http proxy.
#2 Links to message lists stink too. The location of the content is not obvious. Maybe the off-port link contains some valuable information.
#3 I did find the message that is the topic of this post. The material in the message seems very "dated".
No more Micro$oft bashing from me. It's like bashing at the Special Olympics.
FreeS/WAN
The real "Libtards" are the Libertarians!
http://www.glgarden.org/foreverman/brasseye.html
(if you're impatient, click "page 2" and search for "sound wave".)
"Whenever a programmer thinks, "Hey, skins, what a cool idea", their computer's speakers should create some sort of cock-shaped soundwave and plunge it repeatedly through their skulls." - Makali.
http://rocknerd.co.uk
Package: libgpgme11 ...
Description: GPGME - GnuPG Made Easy
GPGME is a wrapper library which provides a C API to access some of the GnuPG functions, such as encrypt, decrypt, sign, verify,
Can I hump your skull now?
Ah, no, it was coined by makali, in a LiveJournal reply to said post.
http://rocknerd.co.uk
Most clients now spawn an exec and pipe data to PGP or GPG. Nothing in the GPL prohibits that.
Aye, but the webpages for CIPE have been updated in 2003.
Gentoo Sucks
Rating: 8.35/10.00 (Rank N/A)
Vitality: 0.01% (Rank 4941)
Popularity: 2.72% (Rank 1001)
VTUN
Rating: 8.55/10.00 (Rank N/A)
Vitality: 0.02% (Rank 2787)
Popularity: 2.69% (Rank 1017)
Neither of these projects are dead, quite, but neither is terribly active, either. Sourceforge shows one developer for CIPE, for example.
As an earlier post said, crypto demands skills which aren't generally available, in an unusual combination. Many competent eyes make bugs shallow. Many competent coders make bugfixes quick. It looks as if those packages haven't drawn the competent eyes and coders yet.
Maybe Mr. Gutman's post will draw some good folks who are able to do the work to these projects. Or maybe it will inspire the maintainers to simply let them fade away. Either way, we're better off for his efforts.
A third possibility is that folks will just not care. Gutman tells us:
This kind of thing needs to be fixed or abandoned; bad security is worse than no security.
See what I've been reading.
Dude: he already has a PhD in cryptography from the University of Auckland.
VTun has been updated
in 2002 and 2003.
Check their homepage:
http://vtun.sourceforge.net/
Maybe only small update.
here
So what's wrong with loopback?
vtun+SSH port forwarding is the standard for quick+dirty+secure VPNs. vtun is simply a tunneling protocol with some basic security; it is not a secure product in its own right. Add SSH and it's actually reasonably secure.
It also offers a couple of other advantages. Combined with SSH, it's actually secure when punching through a NAT'ing firewall (IPsec isn't, since AH and NAT don't co-exist), and it's capable of tunneling at layer 2, so you can tunnel non-IP network protocols (it can emulate a serial connection or an Ethernet connection).
"You've got an invalid haircut" -Warren Zevon - Life'll Kill Ya
It is eminently unfair to call these "Linux" packages.
Of course, none of them are GNU packages, either...
OTOH, tinc does have a linux.org homepage, but then it seems to not be "Demolished" by any reasonable definition. He says "This is a terrible way to use RSA, and usually compromises the key." and I'm no crypto geek, but I think what he means by "compromises" is "provides an avenue of attack that is mathematically simpler than brute force against the key", not "reveals the secret".
So, two seemingly abandoned projects are suspect, and one relatively arbitrary (but Open Source!) package has a theoretical weakness.
All that said, my question is: What has been demonstrated (or demolished)?
-Peter
Of course, the author of that article went on to write CIPE, which is one of the problem protocols under discussion.
I use freeswan IPsec for securing wifi. The biggest problem with IPsec is that it suffers from "committee bloat" and is very complicated to use. Freeswan partially mitigates this complexity by implementing only a narrow subset of the RFCs (in fact, it is not even RFC compliant, because they deliberately removed some required features that might compromise security).
The good thing about IPsec, and freeswan in particular, is that they were openly developed with actual expert input and nobody has yet cast any doubt on the security of either.
Good lord. If he googled a bit more about vtun he would have seen responses in defense of it, as well as asking to go beyond theoretical garbage to proving the insecurity.
He says nothing new.
The key to using encryption with vtun is to use a strong password and to change it now and then. There's really nothing wrong with vtun's encryption approach otherwise.
Any potential software issues not relating to encryption do not make vtun any less secure than, say, SSH (see the latest patches).
Check out FreeBSD 5's GBDE system. It's still relatively new and needs some polishing, but is improving rapidly. It's already quite usable.
Hmm, not so sure.
First, the CRC32 problems only put it on par with SSH 1, which is still in use by many people, I suspect. OK, it should have been fixed.
The padding issue just means that AES can't be used. AFAIK CIPE doesn't let you change ciphers anyway. It's not that bad: the algorithms it uses are probably safe for a few more years. Plaintext size leaks small amounts of information, so it is not best practice, but not fatal. AES would be nice though.
The message sequence issue (replay etc.) is on the face of it rather bad, except that CIPE is designed for carrying IP traffic. Repeating or removing UDP messages is fine, and TCP messages do have sequence numbers. So I fail to see how that is a problem.
And the key exchange is fairly irrelevant, as it is basically a private key protocol. The key exchange stuff was an afterthought and I doubt if anyone uses it. Designing public key encryption is much harder and CIPE should have stuck to private key.
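An anti-replay sliding window of the kind a datagram tunnel receiver can apply to the message-sequence issue discussed in the post above, as an added example; it is not code from CIPE, vtun or any other package on this page, and the 4-byte sequence header it parses is a constructed format.

```python
# Anti-replay sliding window for a datagram tunnel (the scheme IPsec ESP
# uses).  Added illustration, not code from any package named on this page;
# the 4-byte big-endian sequence header is a constructed example format.
import struct

WINDOW = 64  # sequence numbers remembered below the highest one accepted


class ReplayWindow:
    """Accept each sequence number at most once, tolerating reordering
    within WINDOW positions of the highest number seen."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.highest = -1   # highest sequence number accepted so far
        self.bitmap = 0     # bit i set => (highest - i) already seen

    def accept(self, seq):
        if seq > self.highest:
            shift = seq - self.highest
            # slide the window forward; bit 0 now stands for the new highest
            mask = (1 << self.window) - 1
            self.bitmap = ((self.bitmap << shift) | 1) & mask
            self.highest = seq
            return True
        offset = self.highest - seq
        if offset >= self.window:
            return False        # too old to remember: drop as a replay
        if self.bitmap & (1 << offset):
            return False        # already seen: a replayed datagram
        self.bitmap |= 1 << offset
        return True             # late but genuinely new


def decode_header(datagram):
    """Constructed header: 4-byte big-endian sequence number, then payload."""
    (seq,) = struct.unpack("!I", datagram[:4])
    return seq, datagram[4:]


def filter_stream(datagrams):
    """Return the payloads a receiver would pass on, dropping replays
    and datagrams that fall outside the window."""
    win = ReplayWindow()
    delivered = []
    for dg in datagrams:
        seq, payload = decode_header(dg)
        if win.accept(seq):
            delivered.append(payload)
    return delivered


# Constructed sample: datagrams 1, 2, 3, then a replay of 2 and a late 0.
SAMPLE = [struct.pack("!I", s) + b"p%d" % s for s in (1, 2, 3, 2, 0)]
```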
1. Make good point that open and closed source software can both be insecure.
2. Demonstrate the point by showing insecurity in some open source software.
3. Someone notices the good point and fixes the insecure open source software.
4. Closed source software gets no such notification, still has holes.
5. Point one nullified.
No, because GPGME is GPL, not LGPL, and all it does is make calls to the (GPL) GPG binary.
Peter Gutmann is a serious expert. I write security code for a living (for IBM). Peter Gutmann has written a few seminal papers such as "A Layman's Guide to ASN.1" which is required reading for anyone coming on the team.
Update here:
http://tinyurl.com/ob52
I thought the whole point of poptop was that it used PPTP, which is inherently insecure.
L2TP replaces it, and MS seems to have got it right this time.
- Oliver
The right to bear arms is only slightly less stupid than the right to arm bears...