Thread: SSL (patch 5)

SSL (patch 5)

From
Bear Giles
Date:
Patch to add initialization from entropy source, either a
file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
/dev/urandom device.

This is intended to reduce the ability of an attacker to
predict our "random" keys.

The random file can be generated with the OpenSSL command:
openssl rand -out .rand 1024.

Bear

Attachment
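
The source order described in the message above (a seed file first, then the /dev/urandom device), as an added example that is not the attached patch and not PostgreSQL code. The names read_seed and load_seed, the owner and mode check on the seed file, and the rule that a short file is rejected are assumptions made for illustration.

```c
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: fill buf with exactly `want` bytes from one source.
 * Returns 0 on success, -1 if the source is missing, unsafe or too short. */
static int read_seed(const char *path, unsigned char *buf, size_t want)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;
    /* Inspect the opened descriptor rather than the path name. */
    if (fstat(fd, &st) != 0)
        goto fail;
    if (S_ISREG(st.st_mode)) {
        /* Assumption: a seed file that is not ours, or that group/other
         * can access, is not secret and must not seed the PRNG. */
        if (st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO)))
            goto fail;
    } else if (!S_ISCHR(st.st_mode)) {
        goto fail;              /* neither a regular file nor a device */
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n <= 0)
            goto fail;          /* short file or read error */
        got += (size_t) n;
    }
    close(fd);
    return 0;
fail:
    close(fd);
    return -1;
}

/* Hypothetical entry point: try each candidate in order and return the
 * index of the source that supplied the seed, or -1 if none was usable. */
int load_seed(const char *const *paths, int npaths, unsigned char *buf, size_t want)
{
    for (int i = 0; i < npaths; i++)
        if (paths[i] != NULL && read_seed(paths[i], buf, want) == 0)
            return i;
    return -1;
}
```

A caller would pass the filled buffer to OpenSSL's RAND_seed() and refuse to start SSL when load_seed returns -1, rather than continuing with an unseeded generator.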

Re: SSL (patch 5)

From
Peter Eisentraut
Date:
Bear Giles writes:

> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.

I seem to recall that OpenSSL handles generating appropriate randomness
itself.  So far we've rejected these kinds of attempts to do it ourselves.
How does it work now?

--
Peter Eisentraut   peter_e@gmx.net


Re: SSL (patch 5)

From
Bear Giles
Date:
> Bear Giles writes:
>
> > Patch to add initialization from entropy source, either a
> > file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> > /dev/urandom device.
>
> I seem to recall that OpenSSL handles generating appropriate randomness
> itself.

That's been an ongoing problem, and something may be done in 0.9.7.
But all of the sample implementations still show the use of explicit
initialization code, so that's why I added it.

> So far we've rejected these kinds of attempts to do it ourselves.
> How does it work now?

The failure mode isn't that SSL stops, it's that it's easier for
an attacker to guess the next number that the PRNG will produce.
This can be a big problem for high-volume servers.

Bear

Re: SSL (patch 5)

From
Tom Lane
Date:
Bear Giles <bgiles@coyotesong.com> writes:
>> I seem to recall that OpenSSL handles generating appropriate randomness
>> itself.

> That's been an ongoing problem, and something may be done in 0.9.7.

That's good to hear.  Our position has been that if security experts
(ie, the SSL library developers) cannot figure out how to generate
secure keys on particular platforms, it's folly to suppose that
non-security-expert application developers (eg, database weenies)
will somehow manage to do better with off-the-cuff solutions.
Encapsulating that kind of knowledge is exactly what a library is
supposed to do for us.  IMHO anyway.

            regards, tom lane

Re: SSL (patch 5)

From
Bruce Momjian
Date:
Seems we don't want this patch because we hope the SSL library will
handle it soon, right?


---------------------------------------------------------------------------

Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.
>
> Bear

Content-Description: /tmp/patch5

[ Attachment, skipping... ]

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Re: SSL (patch 5)

From
Bruce Momjian
Date:
Bear, can you confirm that this patch should be rejected and that
hopefully the SSL library will handle it in the future?

---------------------------------------------------------------------------

Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.
>
> Bear


Re: SSL (patch 5)

From
Bruce Momjian
Date:
Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.

Bear, this patch was rejected because we hope SSL will handle it itself
soon, right?
