Thread: SSL (patch 5)
Patch to add initialization from entropy source, either a
file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
/dev/urandom device.

This is intended to reduce the ability of an attacker to
predict our "random" keys.

The random file can be generated with the OpenSSL command:
openssl rand -out .rand 1024.

Bear
Attachment
Bear Giles writes:

> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.

I seem to recall that OpenSSL handles generating appropriate randomness
itself. So far we've rejected these kinds of attempts to do it ourselves.
How does it work now?

--
Peter Eisentraut peter_e@gmx.net

> Bear Giles writes:
>
> > Patch to add initialization from entropy source, either a
> > file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> > /dev/urandom device.
>
> I seem to recall that OpenSSL handles generating appropriate randomness
> itself.

That's been an ongoing problem, and something may be done in 0.9.7.
But all of the sample implementations still show the use of explicit
initialization code, so that's why I added it.

> So far we've rejected these kinds of attempts to do it ourselves.
> How does it work now?

The failure mode isn't that SSL stops, it's that it's easier for
an attacker to guess the next number that the PRNG will produce.
This can be a big problem for high-volume servers.

Bear

Bear Giles <bgiles@coyotesong.com> writes:

>> I seem to recall that OpenSSL handles generating appropriate randomness
>> itself.

> That's been an ongoing problem, and something may be done in 0.9.7.

That's good to hear. Our position has been that if security experts
(ie, the SSL library developers) cannot figure out how to generate
secure keys on particular platforms, it's folly to suppose that
non-security-expert application developers (eg, database weenies)
will somehow manage to do better with off-the-cuff solutions.
Encapsulating that kind of knowledge is exactly what a library is
supposed to do for us. IMHO anyway.

regards, tom lane

Seems we don't want this patch because we hope the SSL library will
handle it soon, right?

---------------------------------------------------------------------------

Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.
>
> Bear

Content-Description: /tmp/patch5

[ Attachment, skipping... ]

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026

Bear, can you confirm that this patch should be rejected and that
hopefully the SSL library will handle it in the future?

---------------------------------------------------------------------------

Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.
>
> Bear

Content-Description: /tmp/patch5

[ Attachment, skipping... ]

--
  Bruce Momjian

Bear Giles wrote:
> Patch to add initialization from entropy source, either a
> file ($HOME/.postgresql/.rand, $DataDir/.rand) or the
> /dev/urandom device.
>
> This is intended to reduce the ability of an attacker to
> predict our "random" keys.
>
> The random file can be generated with the OpenSSL command:
> openssl rand -out .rand 1024.

Bear, this patch was rejected because we hope SSL will handle it
itself soon, right?

--
  Bruce Momjian
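
Added example, not part of the thread and not the code from patch 5 (the attachment is not shown on this page): a sketch of the checks an application takes on once it loads seed material itself from a file or /dev/urandom, as the patch proposes. The function names, the ownership and permission policy, and the candidate list in main() are assumptions; the bytes read would then be handed to OpenSSL's RAND_seed().

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Read exactly `want` bytes. A regular file must be owned by the effective
 * user with no group/other access (assumed policy). Returns 0 or -1. */
int read_seed(const char *path, unsigned char *buf, size_t want)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 ||          /* check the opened fd, not the path */
        (S_ISREG(st.st_mode) &&
         (st.st_uid != geteuid() || (st.st_mode & (S_IRWXG | S_IRWXO))))) {
        close(fd);
        return -1;
    }
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n <= 0)                     /* short file or read error */
            break;
        got += (size_t) n;
    }
    close(fd);
    return got == want ? 0 : -1;
}

/* Try each candidate in order; return the index of the one used, or -1
 * so the caller can refuse to start rather than run unseeded. */
int seed_from_sources(const char *const *paths, size_t n,
                      unsigned char *buf, size_t want)
{
    for (size_t i = 0; i < n; i++)
        if (paths[i] != NULL && read_seed(paths[i], buf, want) == 0)
            return (int) i;
    return -1;
}

int main(void)
{
    unsigned char seed[1024];   /* same size as the thread's .rand file */
    const char *paths[] = { ".rand", "/dev/urandom" };  /* constructed list */
    /* On success the caller would pass seed to OpenSSL's RAND_seed(). */
    return seed_from_sources(paths, 2, seed, sizeof seed) < 0;
}
```

A seed file that is too short, owned by another user, or readable by group or other is skipped rather than trusted, and the next candidate is tried.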