Cryptography in Openbsd
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Oracle Solaris 11.4 Security Target, V1.3
Oracle Solaris 11.4 Security Target Version 1.3 February 2021 Document prepared by www.lightshipsec.com Oracle Security Target Document History Version Date Author Description 1.0 09 Nov 2020 G Nickel Update TOE version 1.1 19 Nov 2020 G Nickel Update IDR version 1.2 25 Jan 2021 L Turner Update TLS and SSH. 1.3 8 Feb 2021 L Turner Finalize for certification. Page 2 of 40 Oracle Security Target Table of Contents 1 Introduction ........................................................................................................................... 5 1.1 Overview ........................................................................................................................ 5 1.2 Identification ................................................................................................................... 5 1.3 Conformance Claims ...................................................................................................... 5 1.4 Terminology ................................................................................................................... 6 2 TOE Description .................................................................................................................... 9 2.1 Type ............................................................................................................................... 9 2.2 Usage ............................................................................................................................. 9 2.3 Logical Scope ................................................................................................................ -
Cryptanalysis of the Random Number Generator of the Windows Operating System
Cryptanalysis of the Random Number Generator of the Windows Operating System Leo Dorrendorf School of Engineering and Computer Science The Hebrew University of Jerusalem 91904 Jerusalem, Israel [email protected] Zvi Gutterman Benny Pinkas¤ School of Engineering and Computer Science Department of Computer Science The Hebrew University of Jerusalem University of Haifa 91904 Jerusalem, Israel 31905 Haifa, Israel [email protected] [email protected] November 4, 2007 Abstract The pseudo-random number generator (PRNG) used by the Windows operating system is the most commonly used PRNG. The pseudo-randomness of the output of this generator is crucial for the security of almost any application running in Windows. Nevertheless, its exact algorithm was never published. We examined the binary code of a distribution of Windows 2000, which is still the second most popular operating system after Windows XP. (This investigation was done without any help from Microsoft.) We reconstructed, for the ¯rst time, the algorithm used by the pseudo- random number generator (namely, the function CryptGenRandom). We analyzed the security of the algorithm and found a non-trivial attack: given the internal state of the generator, the previous state can be computed in O(223) work (this is an attack on the forward-security of the generator, an O(1) attack on backward security is trivial). The attack on forward-security demonstrates that the design of the generator is flawed, since it is well known how to prevent such attacks. We also analyzed the way in which the generator is run by the operating system, and found that it ampli¯es the e®ect of the attacks: The generator is run in user mode rather than in kernel mode, and therefore it is easy to access its state even without administrator privileges. -
New Concept of the Android Keystore Service with Regard to Security and Portability
University of Bremen Department of Mathematics and Computer Science New concept of the Android keystore service with regard to security and portability. Master’s Thesis by Fritjof Bornebusch reviewed by Dr. Karsten Sohr Prof. Dr. Jan Peleska supervised by Dipl. Inf. Florian Junge 2016 Confirmation I hereby confirm that I wrote this master thesis on my own and that I have used only the indicated references, resources, and aids. In German: Hiermit bestätige ich, dass ich die vorliegende Masterthesis selbstständig verfasst, und keine anderen als die angegebenen Quellen und Hilfsmittel verwendet habe. Bremen, 1/13/2016 Fritjof Bornebusch “Any fool can write code that a computer can understand. Good programmers write code that humans can understand.” – Martin Fowler – Bornebusch, Fritjof New concept of the Android keystore service with regard to security and portability. Master’s thesis, Department 3 - Mathematics / Computer Science University of Bremen, 2015 This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0). To view a copy of this license, send an email to [email protected], visit http://creativecommons.org/licenses/by-nc-sa/4.0/ or send a letter to Creative Commons, PO Box 1866, Mountain View, California, 94042, USA. Table of Contents Acknowledgements 7 List of Figures 9 List of Listings 10 Acronyms 13 Glossary 15 1 Introduction 19 2 Background 24 2.1 Android System Architecture . 24 2.1.1 Security-Enhanced Linux . 28 2.1.2 Capabilities . 31 2.2 Memory Vulnerabilities . 32 2.2.1 Buffer Overflow Protection . 33 2.2.2 Dead Store Elimination . -
Z/OS Openssh User's Guide
z/OS Version 2 Release 4 z/OS OpenSSH User's Guide IBM SC27-6806-40 Note Before using this information and the product it supports, read the information in “Notices” on page 503. This edition applies to Version 2 Release 4 of z/OS (5650-ZOS) and to all subsequent releases and modifications until otherwise indicated in new editions. Last updated: 2020-11-16 © Copyright International Business Machines Corporation 2015, 2019. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures................................................................................................................. ix Tables.................................................................................................................. xi About this document...........................................................................................xiii Who should use this document?............................................................................................................... xiii z/OS information........................................................................................................................................xiii Discussion list...................................................................................................................................... xiii How to send your comments to IBM......................................................................xv If you have a technical problem.................................................................................................................xv -
Vulnerabilities of the Linux Random Number Generator
Black Hat 2006 Open to Attack Vulnerabilities of the Linux Random Number Generator Zvi Gutterman Chief Technology Officer with Benny Pinkas Tzachy Reinman Zvi Gutterman CTO, Safend Previously a chief architect in the IP infrastructure group for ECTEL (NASDAQ:ECTX) and an officer in the Israeli Defense Forces (IDF) Elite Intelligence unit. Master's and Bachelor's degrees in Computer Science from the Israeli Institute of Technology. Ph.D. candidate at the Hebrew University of Jerusalem, focusing on security, network protocols, and software engineering. - Proprietary & Confidential - Safend Safend is a leading provider of innovative endpoint security solutions that protect against corporate data leakage and penetration via physical and wireless ports. Safend Auditor and Safend Protector deliver complete visibility and granular control over all enterprise endpoints. Safend's robust, ultra- secure solutions are intuitive to manage, almost impossible to circumvent, and guarantee connectivity and productivity, without sacrificing security. For more information, visit www.safend.com. - Proprietary & Confidential - Pseudo-Random-Number-Generator (PRNG) Elementary and critical component in many cryptographic protocols Usually: “… Alice picks key K at random …” In practice looks like random.nextBytes(bytes); session_id = digest.digest(bytes); • Which is equal to session_id = md5(get next 16 random bytes) - Proprietary & Confidential - If the PRNG is predictable the cryptosystem is not secure Demonstrated in - Netscape SSL [GoldbergWagner 96] http://www.cs.berkeley.edu/~daw/papers/ddj-netscape.html Apache session-id’s [GuttermanMalkhi 05] http://www.gutterman.net/publications/2005/02/hold_your_sessions_an_attack_o.html - Proprietary & Confidential - General PRNG Scheme 0 0 01 Stateseed 110 100010 Properties: 1. Pseudo-randomness Output bits are indistinguishable from uniform random stream 2. -
Analysis of Entropy Usage in Random Number Generators
DEGREE PROJECT IN THE FIELD OF TECHNOLOGY ENGINEERING PHYSICS AND THE MAIN FIELD OF STUDY COMPUTER SCIENCE AND ENGINEERING, SECOND CYCLE, 30 CREDITS STOCKHOLM, SWEDEN 2017 Analysis of Entropy Usage in Random Number Generators KTH ROYAL INSTITUTE OF TECHNOLOGY SCHOOL OF COMPUTER SCIENCE AND COMMUNICATION Analysis of Entropy Usage in Random Number Generators JOEL GÄRTNER Master in Computer Science Date: September 16, 2017 Supervisor: Douglas Wikström Examiner: Johan Håstad Principal: Omegapoint Swedish title: Analys av entropianvändning i slumptalsgeneratorer School of Computer Science and Communication i Abstract Cryptographically secure random number generators usually require an outside seed to be initialized. Other solutions instead use a continuous entropy stream to ensure that the internal state of the generator always remains unpredictable. This thesis analyses four such generators with entropy inputs. Furthermore, different ways to estimate entropy is presented and a new method useful for the generator analy- sis is developed. The developed entropy estimator performs well in tests and is used to analyse en- tropy gathered from the different generators. Furthermore, all the analysed generators exhibit some seemingly unintentional behaviour, but most should still be safe for use. ii Sammanfattning Kryptografiskt säkra slumptalsgeneratorer behöver ofta initialiseras med ett oförutsägbart frö. En annan lösning är att istället konstant ge slumptalsgeneratorer entropi. Detta gör det möjligt att garantera att det interna tillståndet i generatorn hålls oförutsägbart. I den här rapporten analyseras fyra sådana generatorer som matas med entropi. Dess- utom presenteras olika sätt att skatta entropi och en ny skattningsmetod utvecklas för att användas till analysen av generatorerna. Den framtagna metoden för entropiskattning lyckas bra i tester och används för att analysera entropin i de olika generatorerna. -
LIBRARIES Building a Global Information Assurance Program.Pdf
Building a Global Information Assurance Program OTHER AUERBACH PUBLICATIONS The ABCs of IP Addressing Information Security Management Gilbert Held Handbook, 4th Edition, Volume 4 ISBN: 0-8493-1144-6 Harold F. Tipton and Micki Krause, Editors The ABCs of TCP/IP ISBN: 0-8493-1518-2 Gilbert Held Information Security Policies, ISBN: 0-8493-1463-1 Procedures, and Standards: Building an Information Security Guidelines for Effective Information Awareness Program Security Management Mark B. Desman Thomas R. Peltier ISBN: 0-8493-0116-5 ISBN: 0-8493-1137-3 Building a Wireless Office Information Security Risk Analysis Gilbert Held Thomas R. Peltier ISBN: 0-8493-1271-X ISBN: 0-8493-0880-1 The Complete Book of Middleware A Practical Guide to Security Engineering Judith Myerson and Information Assurance ISBN: 0-8493-1272-8 Debra Herrmann ISBN: 0-8493-1163-2 Computer Telephony Integration, 2nd Edition The Privacy Papers: William A. Yarberry, Jr. Managing Technology and Consumers, ISBN: 0-8493-1438-0 Employee, and Legislative Action Rebecca Herold Cyber Crime Investigator’s Field Guide ISBN: 0-8493-1248-5 Bruce Middleton ISBN: 0-8493-1192-6 Secure Internet Practices: Best Practices for Securing Systems in Cyber Forensics: A Field Manual for the Internet and e-Business Age Collecting, Examining, and Preserving Patrick McBride, Jody Patilla, Evidence of Computer Crimes Craig Robinson, Peter Thermos, Albert J. Marcella and Robert S. Greenfield, and Edward P. Moser Editors ISBN: 0-8493-1239-6 ISBN: 0-8493-0955-7 Securing and Controlling Cisco Routers Global Information Warfare: Peter T. Davis How Businesses, Governments, and ISBN: 0-8493-1290-6 Others Achieve Objectives and Attain Competitive Advantages Securing E-Business Applications and Andy Jones, Gerald L. -
Trusted Platform Module ST33TPHF20SPI FIPS 140-2 Security Policy Level 2
STMICROELECTRONICS Trusted Platform Module ST33TPHF20SPI ST33HTPH2E28AAF0 / ST33HTPH2E32AAF0 / ST33HTPH2E28AAF1 / ST33HTPH2E32AAF1 ST33HTPH2028AAF3 / ST33HTPH2032AAF3 FIPS 140-2 Security Policy Level 2 Firmware revision: 49.00 / 4A.00 HW version: ST33HTPH revision A Date: 2017/07/19 Document Version: 01-11 NON-PROPRIETARY DOCUMENT FIPS 140-2 SECURITY POLICY NON-PROPRIETARY DOCUMENT Page 1 of 43 Table of Contents 1 MODULE DESCRIPTION .................................................................................................................... 3 1.1 DEFINITION ..................................................................................................................................... 3 1.2 MODULE IDENTIFICATION ................................................................................................................. 3 1.2.1 AAF0 / AAF1 ......................................................................................................................... 3 1.2.2 AAF3 ..................................................................................................................................... 4 1.3 PINOUT DESCRIPTION ...................................................................................................................... 6 1.4 BLOCK DIAGRAMS ........................................................................................................................... 8 1.4.1 HW block diagram ............................................................................................................... -
Scalar I3 and I6 Open Source Software Licenses
Tape Automation Scalar i3 & Scalar i6, Firmware Release 1.1 (110G) Open Source Software Licenses Open Source Software (OSS) Licenses for: • Scalar i3 & Scalar i6 Firmware Release 1.1 (110G). The firmware/software contained in the Scalar i3 & Scalar i6 is an aggregate of vendor proprie- tary programs as well as third party programs, including Open Source Software (OSS). Use of OSS is subject to designated license terms and the following OSS license disclosure lists all open source components and applicable licenses that are part of the tape library firmware. All software that is designated as OSS may be copied, distributed, and/or modified in accordance with the terms and conditions of its respective license(s). Additionally, for some OSS you are entitled to obtain the corresponding OSS source files as required by the respective and applicable license terms. While GNU General Public License ("GPL") and GNU Lesser General Public Li- cense ("LGPL") licensed OSS requires that the sources be made available, Quantum makes all tape library firmware integrated OSS source files, whether licensed as GPL, LGPL or otherwise, available upon request. Please refer to the Scalar i3 & Scalar i6 Open Source License CD (part number 3-07787-01) when making such request. For contact information, see Getting More In- formation. LTO tape drives installed in the library may also include OSS components. For a complete list- ing of respective OSS packages and applicable OSS license information included in LTO tape drives, as well as instructions to obtain source files pursuant to applicable license requirements, please reference the Tape Automation disclosure listings under the Open Source Information link at www.quantum.com/support. -
Dev/Random and FIPS
/dev/random and Your FIPS 140-2 Validation Can Be Friends Yes, Really Valerie Fenwick Manager, Solaris Cryptographic Technologies team Oracle May 19, 2016 Photo by CGP Grey, http://www.cgpgrey.com/ Creative Commons Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Not All /dev/random Implementations Are Alike • Your mileage may vary – Even across OS versions – Solaris 7‘s /dev/random is nothing like Solaris 11’s – Which look nothing like /dev/random in Linux, OpenBSD, MacOS, etc – Windows gets you a whole ‘nother ball of wax… • No common ancestry – Other than concept Copyright © 2016, Oracle and/or its affiliates. All rights reserved 3 /dev/random vs /dev/urandom • On most OSes, /dev/urandom is a PRNG (Pseudo-Random Number Generator) – In some, so is their /dev/random • Traditionally, /dev/urandom will never block – /dev/random will block • For fun, on some OSes /dev/urandom is a link to /dev/random Copyright © 2016, Oracle and/or its affiliates. All rights reserved 4 FreeBSD: /dev/random • /dev/urandom is a link to /dev/random • Only blocks until seeded • Based on Fortuna Copyright © 2016, Oracle and/or its affiliates. All rights reserved 5 OpenBSD: /dev/random • Called /dev/arandom • Does not block • Formerly based on ARCFOUR – Now based on ChaCha20 – C API still named arc4random() Copyright © 2016, Oracle and/or its affiliates. All rights reserved 6 MacOS: /dev/random • /dev/urandom is a link to /dev/random • 160-bit Yarrow PRNG, uses SHA1 and 3DES Copyright © 2016, Oracle and/or its affiliates. All rights reserved 7 Linux: /dev/random • Blocks when entropy is depleted • Has a separate non-blocking /dev/urandom Copyright © 2016, Oracle and/or its affiliates. -
Linux Random Number Generator
Not-So-Random Numbers in Virtualized Linux and the Whirlwind RNG Adam Everspaugh, Yan Zhai, Robert Jellinek, Thomas Ristenpart, Michael Swift Department of Computer Sciences University of Wisconsin-Madison {ace, yanzhai, jellinek, rist, swift}@cs.wisc.edu Abstract—Virtualized environments are widely thought to user-level cryptographic processes such as Apache TLS can cause problems for software-based random number generators suffer a catastrophic loss of security when run in a VM that (RNGs), due to use of virtual machine (VM) snapshots as is resumed multiple times from the same snapshot. Left as an well as fewer and believed-to-be lower quality entropy sources. Despite this, we are unaware of any published analysis of the open question in that work is whether reset vulnerabilities security of critical RNGs when running in VMs. We fill this also affect system RNGs. Finally, common folklore states gap, using measurements of Linux’s RNG systems (without the that software entropy sources are inherently worse on virtu- aid of hardware RNGs, the most common use case today) on alized platforms due to frequent lack of keyboard and mouse, Xen, VMware, and Amazon EC2. Despite CPU cycle counters interrupt coalescing by VM managers, and more. Despite providing a significant source of entropy, various deficiencies in the design of the Linux RNG makes its first output vulnerable all this, to date there have been no published measurement during VM boots and, more critically, makes it suffer from studies evaluating the security of Linux (or another common catastrophic reset vulnerabilities. We show cases in which the system RNG) in modern virtualized environments. -
Analysis of the Linux Random Number Generator
Analysis of the Linux Random Number Generator Zvi Gutterman Benny Pinkas Safend and The Hebrew University of Jerusalem University of Haifa Tzachy Reinman The Hebrew University of Jerusalem March 6, 2006 Abstract Linux is the most popular open source project. The Linux random number generator is part of the kernel of all Linux distributions and is based on generating randomness from entropy of operating system events. The output of this generator is used for almost every security protocol, including TLS/SSL key generation, choosing TCP sequence numbers, and file system and email encryption. Although the generator is part of an open source project, its source code (about 2500 lines of code) is poorly documented, and patched with hundreds of code patches. We used dynamic and static reverse engineering to learn the operation of this generator. This paper presents a description of the underlying algorithms and exposes several security vulnerabilities. In particular, we show an attack on the forward security of the generator which enables an adversary who exposes the state of the generator to compute previous states and outputs. In addition we present a few cryptographic flaws in the design of the generator, as well as measurements of the actual entropy collected by it, and a critical analysis of the use of the generator in Linux distributions on disk-less devices. 1 Introduction Randomness is a crucial resource for cryptography, and random number generators are therefore critical building blocks of almost all cryptographic systems. The security analysis of almost any system assumes a source of random bits, whose output can be used, for example, for the purpose of choosing keys or choosing random nonces.