Devs Working To Stop Go Math Error Bugging Crypto Software (theregister.co.uk)

← Back to Stories (view on slashdot.org)

Devs Working To Stop Go Math Error Bugging Crypto Software (theregister.co.uk)

Posted by msmash on Thursday November 23, 2017 @08:40AM from the interesting-findings dept.

Richard Chirgwin, writing for The Register: Consider this an item for the watch-list, rather than a reason to hit the panic button: a math error in the Go language could potentially affect cryptographic libraries. Security researcher Guido Vranken (who earlier this year fuzzed up some bugs in OpenVPN) found an exponentiation error in the Go math/big package. Big numbers -- particularly big primes -- are the foundation of cryptography. Vranken posted to the oss-sec mailing list that he found the potential issue during testing of a fuzzer he wrote that "compares the results of mathematical operations (addition, subtraction, multiplication, ...) across multiple bignum libraries." Vranken and Go developer Russ Cox agreed that the bug needs specific conditions to be manifest: "it only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver."

44 of 73 comments (clear)

Min score:

Reason:

Sort:

Very slim edge case by Anonymous Coward · 2017-11-23 08:43 · Score: 1, Interesting

The possibility of this manifesting in any meaningful way is about the same as Trump being elected to another term. In other words... move on, nothin' to see here.
1. Re:Very slim edge case by GerardAtJob · 2017-11-23 08:46 · Score: 2, Insightful
  
  A few months ago you would've told "The possibility [...] is about the same as Trump being elected." but it happened! Even if chances are low, it can still happens!
  
  --
  I can't call that English ;-)
2. Re: Very slim edge case by Anonymous Coward · 2017-11-23 08:50 · Score: 5, Funny
  
  Congrats, you've managed to bring up Trump in a completely unrelated article. You guys are worse than Hitler.
3. Re:Very slim edge case by 93+Escort+Wagon · 2017-11-23 09:01 · Score: 4, Insightful
  
  I remember, years ago, hearing pretty much that same argument (excepting the Trump reference) when the first jpeg executable exploit was discovered.
  Once a flaw is known, it is a mistake to assume clever people won’t find a clever way to practically leverage it - no matter how obscure it seems at first glance.
  
  --
  #DeleteChrome
4. Re: Very slim edge case by AvitarX · 2017-11-23 09:10 · Score: 1, Offtopic
  
  Ranges for Trump's election we're 2-33 percent a year and a month ago.
  I hope that's not the odds of this big coming up, that seems quite high.
  I'd actually put reelection at 25% personally.
  
  --
  Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
5. Re:Very slim edge case by Anonymous Coward · 2017-11-23 09:29 · Score: 1
  
  Trump is actually projected to win, so greater than 50%?
6. Re: Very slim edge case by ckatko · 2017-11-23 09:37 · Score: 2
  
  That's literally what Slashdot has been since the election. Just a competition to see who can shoehorn the president into today's unrelated topic.
  It's really quite pathetic. But it shouldn't be surprising when you realize all the industry experts have left Slashdot and moved to Hacker News.
  No more John Carmack. No more Walter Bright (creator of D and dozens of compilers). They're all gone because the SNR of this site has gone from good, to parody.
7. Re: Very slim edge case by ShanghaiBill · 2017-11-23 10:14 · Score: 4, Insightful
  
  I'd actually put reelection at 25% personally.
  I give him 50%. He is unpopular, and the election is the Democrat's to lose, but the Dems have an immense capacity for squandering opportunities and self-destructing. If they nominate someone like Elizabeth Warren or Chuck Schumer, I don't see how they are going to carry a single southern state (maybe Virginia), or win much of the Midwest.They can't win with just the coasts. That have to flip either Pennsylvania or Florida. If they can flip both, they win. Otherwise they also need to flip either Michigan or Wisconsin. That will be very hard with a coastal lefty, and there are few moderate Democrats with national stature.
8. Re:Very slim edge case by behrooz0az · 2017-11-23 10:48 · Score: 2, Funny
  
  Ain't karma a bitch?
  You laughed at us Iranians when we got ahmadi-nejad, TWICE. Who's laughing now?
  
  --
  Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion. -- Spazmania (174582)
9. Re: Very slim edge case by TimHunter · 2017-11-23 12:21 · Score: 2
  
  Just a competition to see who can shoehorn Apple into today's unrelated topic.
  FTFY
10. Re: Very slim edge case by David+Gould · 2017-11-23 15:28 · Score: 2
  
  We weren't laughing, we were watching in horror.
  
  --
  David Gould
  main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
11. Re: Very slim edge case by jovius · 2017-11-23 21:06 · Score: 1
  
  Some other candidate: It only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver.
  Trump: Didâ(TM)ya understand any of that? [laughter] Who needs that? [â¦] Me neither! [cheer and applause]
  Boom elected!
12. Re:Very slim edge case by gtall · 2017-11-23 23:08 · Score: 1
  
  Shit happens.
13. Re: Very slim edge case by gtall · 2017-11-23 23:11 · Score: 2
  
  Really? Hitler whacked millions. Okay youse guys, how many have you whacked so we can run the numbers and get this Hitler accusation decided.
14. Re:Very slim edge case by MoarSauce123 · 2017-11-24 01:57 · Score: 1
  
  Same was said about the total disaster of a president: Reagan. Massive deficit spending, double digit unemployment, tax cuts only for the rich, almost starting a nuclear war...and yet he easily won a second term. We are at a point where either end of the spectrum rather votes for a groper and child molester as long as the candidate of the other side doesn't get in. As far as Go is concerned...how many more buggy and convoluted programming languages do we need? I'm not saying let's all go back and code exclusively in Plankalkül, but there isn't anything that Go solves so tremendously better than any of the dozen other modern programming languages.
15. Re: Very slim edge case by MoarSauce123 · 2017-11-24 01:59 · Score: 1
  
  I think the opportunities to flip these states are there. By then those Trump fans in these states are still waiting for America to become great again and getting their mining or stamping plant jobs back that Reagonomics killed in the 80s. I do agree that the Democrats in their current constellation have the unique quality to screw this up.
16. Re: Very slim edge case by MoarSauce123 · 2017-11-24 02:03 · Score: 1
  
  But Hitler has something to do with it? Politically and ideologically Trump and Hitler are the same. So what's your point? Cue the cricket sound.... That aside, sure, Trump has nothing to do with Go (as long as Go exclusively generates results that match Trumps alternate reality), but the commenter used it as an example. He should have picked something else, like the US qualifying for the World Cup.
Young Math is Best Math by Anonymous Coward · 2017-11-23 08:52 · Score: 2, Funny

Fuck you old people don't know your shit. Young rockstar coders need to reinvent your dinosaur wheels because you fucking suck.
Lol whut r codez iz bugged?!!
Congratulations, msmash! by sconeu · 2017-11-23 09:14 · Score: 3, Insightful

You have composed what may be the world's most incomprehensible headline!

--
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
1. Re:Congratulations, msmash! by djbckr · 2017-11-23 09:26 · Score: 2
  
  You have composed what may be the world's most incomprehensible headline!
  Actually, he just copied the headline straight from the article (yes, I read it).
2. Re:Congratulations, msmash! by Threni · 2017-11-23 20:03 · Score: 2
  
  Working to stop go...got it.
Re:Super Secure by viperidaenz · 2017-11-23 09:16 · Score: 2

Like the code to my luggage! 1231!
It was 1234 but someone told me prime numbers are more secure so I changed it.
Re:Super Secure by CustomSolvers2 · 2017-11-23 09:36 · Score: 1

prime numbers are more secure so I changed it.
But this only works with prime numbers whose digits in even positions are uneven. Except on Tuesday when any prime number is fine except 5. LOL.

--
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Re:Super Secure by viperidaenz · 2017-11-23 09:51 · Score: 1

14389 is a prime with uneven digits in even positions
Language specific by hackwrench · 2017-11-23 09:54 · Score: 1

So why is this a Go only problem and not one across all languages?
1. Re:Language specific by Richard_at_work · 2017-11-23 10:29 · Score: 2
  
  Because only Go uses the Go math/big package, and the issue is with how the math is done in that package?
2. Re: Language specific by Zero__Kelvin · 2017-11-23 11:14 · Score: 1
  
  Better question: Why are you on Slashdot when you could be reading Digg right now?
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
3. Re: Language specific by hackwrench · 2017-11-23 11:35 · Score: 1
  
  Except all libraries are derived from earlier work done in the computing field all the way back to when they had to wire computers manually and before that pen and paper.
4. Re: Language specific by hackwrench · 2017-11-23 11:36 · Score: 1
  
  How is that a better question? Answer: Liminality.
5. Re: Language specific by Anonymous Coward · 2017-11-23 13:59 · Score: 1
  
  So why is this a Go only problem and not one across all languages?
  *snip*
  
  Except all libraries are derived from earlier work done in the computing field all the way back to when they had to wire computers manually and before that pen and paper.
  Remember kids, when you derive a new library for a new language, you still need to be capable of counting up to at least the same number as the old libraries can.
  Go just can't count that high and gives up trying when it gets just one number away from the finish line.
  From the article:
  Vranken and Go developer Russ Cox agreed that the bug needs specific conditions to be manifest: "it only affects the case e = 1 with m != nil and a pre-allocated non-zero receiver."
  That's expanded in the post, by way of explanation: "For an exponent of 1, big.Int.Exp returns the correct value only for a 0 recipient, and an off-by-one result for all pre-allocated recipients."
  To answer your question, it's a problem in Go and not all languages, because all other languages do it right and Go fucks it up :P
  Thus it's a Go problem.
6. Re: Language specific by Zero__Kelvin · 2017-11-24 01:31 · Score: 1
  
  It isn't a flaw in math dumbshit. It's a flaw in the implementation.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Re:Super Secure by CustomSolvers2 · 2017-11-23 10:01 · Score: 2

14389 is a prime with uneven digits in even positions
In a zero-based position counting, yes; but this is the convention only in some (well, most of) programming languages. In an informal chat, the most common interpretation is to assume 1-based positions. Anyway, I was evidently joking: all the numbers are equally secure and random, except 4. LOL.

--
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
another f'd up headline by swell · 2017-11-23 10:05 · Score: 2

Will someone pull Slashdot out of the Dark Ages?
There was a time when it made (commercial) sense to capitalize every word in a headline. Yes, it made money for the hawkers of early newspapers. Big noisy obnoxious headlines made the news sound exciting and motivated people to spend a penny or a nickel.
How does this mess of a headline make money for Slashdot. How does it make the headline readable? Exactly what are the benefits of this abuse of the language in the age of the internet?
Wake up Slashdot. Look around- many publishers aren't living in the Dark Ages any more.

--
...omphaloskepsis often...
1. Re: another f'd up headline by Zero__Kelvin · 2017-11-23 11:15 · Score: 1
  
  It's the one thing they usually get right captain dumbfuck.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Re:I do declare by lucasnate1 · 2017-11-23 11:51 · Score: 1

Actually, python is much more consistent and documented than go :(

--
Avantgarde Hebrew science fiction
Where there's one bug there's more. by mveloso · 2017-11-23 15:11 · Score: 2

It behooves them to look deeper, because it's always unclear whether those bugs are intentional or not. The more preconditions there are the more likely the issue wasn't organic.
1. Re:Where there's one bug there's more. by Anonymous Coward · 2017-11-23 23:34 · Score: 1
  
  Where there are no bugs, they're just hiding better. Works on real insects as well.
2. Re:Where there's one bug there's more. by martyros · 2017-11-23 23:37 · Score: 1
  
  The more preconditions there are the more likely the issue wasn't organic.
  That may sound plausible if you've never looked at security issues; but if you actually look at the bugs behind security issues in more depth, it becomes obvious that such "lots of conditions need to be met" is pretty natural.
  In a well-reviewed and well-tested project (as Golang's math library certainly is), the "obvious stupid" bugs were caught and fixed in review or testing. So the kinds of bugs that manage to slip past this filter are the bugs that are about the quirky corner cases: An if() statement that checks for a highly unusual error condition but then does the wrong thing when it happens, or that does the right thing the unusual case A, or unusual case B, but doesn't do the right thing in the extremely rare case they happen at the same time. The bugs in these cases are usually very much the kind of "oops, forgot about that" mistake that you can totally see yourself making.
  That's not proof, of course, that the bugs weren't put there on purpose; "underhanded" programming is a thing. It just means that the number of preconditions doesn't give you information one way or the other about whether it was intentional or not.
  
  --
  TCP: Why the Internet is full of SYN.
3. Re:Where there's one bug there's more. by Zero__Kelvin · 2017-11-24 01:36 · Score: 1
  
  I don't know where you learned to write software (if you did), but more conditions of any kind means more bugs are likely.
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
Re:Super Secure by CustomSolvers2 · 2017-11-23 21:04 · Score: 2

Honestly, I thought that you were also kidding in your first post. Perhaps this wasn't the case, so I will better clarify that the peculiarities of prime numbers only make sense within a very specific context (similarly to what happens with pretty much any other thing), namely divisions. In some algorithms and for whatever reasons you might prefer to make sure that a given number isn't divisible by others and this is where prime numbers are useful. The fact that prime numbers are being used in a relevant number of encryption algorithms (I cannot tell for sure right away, but in principle it doesn't look like an absolutely unavoidable requirement) has to be understood as those algorithms providing the aforementioned meaningful context for them (= divisions where having a reminder different than zero matters or not).

In general terms and when choosing any given number, all of them are identically good. The right context for choosing a safe password is it to be difficult for other person to guess. Thinking that specific numbers or days of the week or years or similar are intrinsically better than others only makes sense within magic-like expectations (superstition, religion or things on these lines), what is pretty much the opposite to what empirical and deterministic maths/programming/engineering/science everything is supposed to be.

--
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Re:Super Secure by viperidaenz · 2017-11-26 07:56 · Score: 1

Thinking that specific numbers or days of the week or years or similar are intrinsically better than others only makes sense within magic-like expectations
You can't hack my work account on a weekend, because the helpdesk is closed. Everything is turned off.
The first day back after the Christmas shutdown period would be the best time to do it, since the number of password resets being logged at the helpdesk will overload the poor people working there. They're going to be less vigilant with each call so they can get through them all.
What do you know... computer security does matter when it comes to specific days of the week and religion defined celebrations.
Re:Super Secure by CustomSolvers2 · 2017-11-26 20:32 · Score: 1

What do you know... computer security does matter when it comes to specific days of the week and religion defined celebrations.
You are getting my statement out of context. I meant when trying to come up with a good enough password regardless of anything else. In other situations, that information might certainly be relevant. Everything is a matter of (properly understanding the given) context.

--
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.
Re:Super Secure by viperidaenz · 2017-11-27 07:33 · Score: 1

You are getting my statement out of context.
No, I'm winding you up.
Have been this whole time
Re:Super Secure by CustomSolvers2 · 2017-11-27 07:53 · Score: 1

No, I'm winding you up.
OK. Although I honestly don't fully get your behaviour as far as I already said that I was assuming that you were kidding, but you continued anyway in a not particularly funny fashion! It has been something like "You are kidding! - No, I am not! - OK, then let me explain... - Haha, I was actually kidding!". Well, if you are happy and nobody was harmed, I guess that everything is fine; but please never invite me to your comedy show :)

--
Custom Solvers 2.0 = Alvaro Carballo Garcia = varocarbas.