Re: [Tails-dev] Please review & merge feature/install-passwo…

Delete this message

Reply to this message
Author: intrigeri
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Please review & merge feature/install-password-manager
Hi,

Robert Ransom wrote (10 Jan 2013 01:21:35 GMT) :
> * src/lib/random.cpp will use fake entropy produced by a
> non-cryptographic PRNG with a 32-bit seed if it fails to open or read
> from /dev/urandom.


I don't see many reasons why this would happen in practice, and
I guess we can ignore that one, but still, I see no valid reason for
this code's behavior on GNU/Linux. Robert, do you intend to report
it upstream?

> * src/dialogs/CollectEntropyDlg.cpp records the (low-entropy) sequence
> of keys pressed by the user, and discards the keystroke event timings
> which contain most of the entropy.


Any idea if this feature is used for anything else than the password
generator (where it is apparently disabled by default)?

> * It uses the Gladman implementation of AES, which makes no attempt to
> resist timing side-channel attacks. (It also supports using Twofish
> to encrypt password databases; Twofish cannot be implemented
> efficiently without side-channel leaks.)


I beg your pardon if my question is naive, but (aside from the fact
such bad practice is not exactly trust inspiring) is there a practical
drawback of such timing side-channel attacks in an non-networking
application used in the intended context of a Tails password manager?

> * It also includes an RC4 implementation (RC4 also cannot be
> implemented efficiently without side-channel leaks), and uses a single
> global RC4 key to ‘encrypt’ multiple strings in memory (see
> src/lib/SecString.[hc]) by XORing each of them with (part of) the same
> sequence of keystream bytes.


Is this a practical problem in the intended usecase?

> The cryptography used on disk should be adequate, aside from the
> side-channel leaks and the fake RNGs. (It encrypts the whole file
> using a block cipher in CBC mode with a random IV and mediocre
> integrity protection.)


OK.

Thanks a lot for your review!

As you probably noticed already, the copyright and license issues were
reported. On the security side, it looks to me like none of these
issues look critical for the intended usecase in Tails, so I think we
can go ahead. If I'm mistaken, please tell me :)

Cheers,
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc