Out, damn'd PGP v3

Apr 23, 2010 / 0 comments

Nearly a year ago people started worrying about the complexity of SHA-1 being reduced and the potential availability of viable attacks against things such as PGP keys that used SHA-1. Many people (myself included) generated a new key, or updated preferences on keys that were otherwise strong enough. There were worries about what this might mean for Debian. We were getting ahead of ourselves a bit though. Firstly there haven't been any public viable attacks that I'm aware of (though of course this doesn't mean we shouldn't continue to migrate away), but secondly there's a much easier method of attack. PGP v3 keys. To quote RFC4880:

V3 keys are deprecated. They contain three weaknesses. First, it is relatively easy to construct a V3 key that has the same Key ID as any other key because the Key ID is simply the low 64 bits of the public modulus. Secondly, because the fingerprint of a V3 key hashes the key material, but not its length, there is an increased opportunity for fingerprint collisions. Third, there are weaknesses in the MD5 hash algorithm that make developers prefer other algorithms. See below for a fuller discussion of Key IDs and fingerprints.
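The rules quoted above can be turned into a keyring check. The following Python is an added example, not code from this post or from Debian's keyring tooling: it derives the key ID and fingerprint the way RFC 4880 defines them for v3 and v4 keys and lists the v3 keys in a binary keyring. It assumes old-format packet headers with definite lengths; the sample keyring and its toy modulus are constructed for the example.

```python
import hashlib
import struct

def read_mpi(buf, off):
    """Return (value bytes, next offset) for the OpenPGP MPI at buf[off:]."""
    bits = struct.unpack_from(">H", buf, off)[0]
    end = off + 2 + (bits + 7) // 8
    return buf[off + 2:end], end

def describe_key(body):
    """Return (version, key ID, fingerprint) for an RSA public-key packet body."""
    version = body[0]
    if version in (2, 3):
        # v3 body: version, 4-byte creation time, 2-byte validity, algorithm, n, e
        n, off = read_mpi(body, 8)
        e, _ = read_mpi(body, off)
        fpr = hashlib.md5(n + e).hexdigest()  # MPI length fields are not hashed
        keyid = n[-8:].hex()                  # low 64 bits of the modulus
    elif version == 4:
        fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest()
        keyid = fpr[-16:]
    else:
        raise ValueError("unsupported key version %d" % version)
    return version, keyid.upper(), fpr.upper()

def packets(data):
    """Yield (tag, body) for old-format packets with a definite length."""
    off = 0
    while off < len(data):
        hdr = data[off]
        if (hdr & 0xC0) != 0x80 or (hdr & 3) == 3:
            raise ValueError("unsupported packet header 0x%02x" % hdr)
        start = off + 1 + (1 << (hdr & 3))  # length field is 1, 2 or 4 bytes
        off = start + int.from_bytes(data[off + 1:start], "big")
        yield (hdr >> 2) & 0xF, data[start:off]

def v3_keys(data):
    """Key IDs of every v2/v3 primary key (tag 6) in a binary keyring."""
    keys = (describe_key(body) for tag, body in packets(data) if tag == 6)
    return [keyid for version, keyid, _ in keys if version < 4]

# Constructed sample data, not real keys: a toy 128-bit "modulus" and e = 65537.
def mpi(raw):
    return struct.pack(">H", len(raw) * 8 - 8 + raw[0].bit_length()) + raw

N = bytes.fromhex("c0ffee00112233445566778899aabbcd")
V3 = b"\x03" + b"\x00" * 6 + b"\x01" + mpi(N) + mpi(b"\x01\x00\x01")
V4 = b"\x04" + b"\x00" * 4 + b"\x01" + mpi(N) + mpi(b"\x01\x00\x01")
KEYRING = b"".join(b"\x99" + struct.pack(">H", len(b)) + b for b in (V3, V4))
```

Because the v3 fingerprint hashes only the concatenated MPI bodies, moving the boundary between n and e leaves the MD5 unchanged, which is the second weakness the RFC describes; the v4 fingerprint covers the length fields and so does not have this property.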

At the time of writing Debian has 21 remaining v3 keys. This is a significant improvement over a year ago, when we had 200, but it's still 21 more than I'd like. I've been chasing people since last May (starting with those who had v3 + v4 keys, all of whom now only have a v4 key) and we're down to the stragglers. So it's time to name and shame, in the hope of kicking them into action. The following keys are what's left (doesn't match the currently active keyring because we've had a few replacements since the last promote):

0x0D2156BD3D97C149 Michael Stone <mstone>
0x225FD911CD269B31 Carlos Barros <cbf>
0x31E73F14E298966D James R. Van Zandt <jrv>
0x366CD3FEEBC11B01 Chris Waters <xtifr>
0x37A73FE355E8BC4D Frederic Lepied <lepied>
0x3E973117DCC528E9 Ardo van Rangelrooij <ardo>
0x5C7A46637953F711 Rich Sahlender <rsahlen>
0x5D6560F85F30F005 Craig Brozefsky <craig>
0x6B0E322836129171 Jim Westveer <jwest>
0x723724B4A5B6DD31 Christian Meder <meder>
0x7629B22ED71DAABD Adrian Bridgett <bridgett>
0x8FFC405EFD5A67CD Adam Di Carlo <aph>
0xB0D269DE17F3D4D1 Matthew Vernon <matthew>
0xBC151FC8D2A913A1 Peter S Galbraith <psg>
0xC1A0A171C2DCD3B1 Jim Mintha <jmintha>
0xC3168EBA23F5ADDB Ian Jackson <iwj>
0xCE951B1160D74C7D Patrick Cole <ltd>
0xE82A8B0D57137FE5 Paul Seelig <pseelig>
0xF20E242CE77AC835 Brian White <bcwhite>
0xFBAA570C3087194D Alan Bain <afrb2>
0xFFD1B4AC7C19FD19 David Engel <david>

Of these keys only 2 voted in the recent DPL election. 8 have failed to make any response to my mails (3 since last August). Only 9 have uploaded a package since August 2008. And 10 were already known to the MIA database. Some of them have stated they'll sort out a new key, but not yet done so.

If you are one of these people, please either get a new key sorted and signed and reply to the mails I've sent you, or reply and say you no longer wish to be involved in Debian. And if you know any of these people, encourage them to get a new key sorted and offer to sign it for them.

Fizz buzz

Mar 8, 2010 / 0 comments

Inspired by a conversation about interview coding tasks from a list I'm on, I present the following - I considered it too long to email there. It took me longer than I expected to write; my x86 assembly is quite rusty. I'm not claiming it's pretty, but it fits in a single sector and most of the overhead is actually ELF structures.

; nasm -f elf fizzbuzz.asm
; ld -melf_i386 -s -o fizzbuzz fizzbuzz.o
; ./fizzbuzz

section .data

fizz	db	" fizz"
fizzlen	equ	$ - fizz
buzz	db	" buzz"
buzzlen	equ	$ - buzz
num	db	"   "
numend	equ	$ - 1
numlen	equ	$ - num
nl	db	0xa
nllen	equ	$ - nl

curnum	db 1

section .text

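	global _start

_start:
	movzx ax, BYTE [curnum]	; curnum is a single byte, so zero-extend it
	call printnum

	movzx ax, BYTE [curnum]
	mov cx, 3
	xor dx, dx
	div cx			; dx = curnum % 3
	cmp dx, 0
	jnz notfizz

	mov edx, fizzlen
	mov ecx, fizz
	call printstr

notfizz:
	movzx ax, BYTE [curnum]
	mov cx, 5
	xor dx, dx
	div cx			; dx = curnum % 5
	cmp dx, 0
	jnz notbuzz

	mov edx, buzzlen
	mov ecx, buzz
	call printstr

notbuzz:
	mov edx, nllen
	mov ecx, nl
	call printstr

	inc BYTE [curnum]
	cmp BYTE [curnum], 100
	jle _start

	xor ebx, ebx		; exit(0)
	mov eax, 1
	int 0x80

; Write ax as right-aligned decimal digits into num, then print it
printnum:
	mov edi, numend
	mov cx, 10
p1:
	xor edx, edx
	div cx			; ax = quotient, dx = next digit
	add dx, '0'
	mov [edi], dl
	dec edi
	cmp ax, 0
	jne p1

	mov ecx, num
	mov edx, numlen
	; fall through into printstr

; write(1, ecx, edx)
printstr:
	mov ebx, 1
	mov eax, 4
	int 0x80
	ret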

Meta: Rant about rants about PGP keysigning problems

Mar 3, 2010 / 0 comments

(This has ended up longer than I intended, largely because I felt I should then get into why. I'm aware I haven't got into all the nuances, so I hope readers familiar with the area will appreciate this is the compact version.)

Thorsten had a rant last week about PGP keysigning problems. He apologises for his tone, but that's not the issue I take with his rant.

It starts "Keysigning is useless". And yet his complaints seem to be:

  • Dealing with the private half of your GPG key securely involves some faff (in this case booting with a live CD and having to set things up ready to keysign).
  • He doesn't get on with caff.
  • People reject email from machines with invalid HELOs and perform other anti spam measures on ISP access ranges (I'm not clear if it's just greylisting or outright rejects as that's not made clear).
  • PGP/MIME is a protocol violation (yes, but it's much better than inline OpenPGP. Unless you have to deal with RT, which mangles it. *sigh*)

None of these seem to actually be about keysigning being useless. The process of doing it, maybe, though he misses the main valid rant about this I'd have, which is that most mass keysignings don't actually allow you to accurately verify the identity of other participants unless you already know them reasonably well. (The LCA2010 keysigning and DebConf5 in Helsinki spring to mind as 2 good examples of bad keysignings I've attended, but speaking to others suggests it's far from an isolated thing.)

Thorsten does say that he'll continue to do keysigning on a per-person basis, so it doesn't sound like he's completely given up. I'm posting this largely so other Debian related people don't get the idea that it's not important to think about keysigning.

Why should we care?

Firstly, let's clarify what I mean when I sign someone else's key. If I sign your key then I think that I believe you hold the private part of a key that has your name and an email address I believe I can use to contact you on it. It means I have seen government issued ID that matches that name. It also means that I have interacted with you (and watched others interact with you) under that persona. In short I am happy that the key is a reasonable digital representation of your identity - something signed by it either comes from you or has involved the key being compromised or you coerced into using it against your will.

Why is this useful?

It gets useful thanks to the web of trust; ie the idea that there are a bunch of people I trust partially to sign other keys, and if enough of them have signed a key then I can have a reasonable expectation that the key belongs to the person I want to talk to. Which means I might be prepared to send private data to them. Or Debian might be prepared to accept an upload from them. Which, when you're dealing with a community that spans the planet and where most of the contributors haven't met each other, is pretty freakin' useful - I, as part of Debian's keyring team, don't need to personally be able to identify every Debian developer. All I need to do is be able to trust other DDs to be able to do so. (Though maybe I'm missing out on something here - perhaps Debian should be paying for Gunnar and me to travel the world verifying fingerprints. \o/)

(I still do mass keysignings btw. I'm picky about which keys I actually sign - this is in no way intended as a slight against those I don't, but a mass keysigning at least lets me know that the people involved are happy to exchange fingerprints. Though, FWIW, I normally have ID on me and frequently have fingerprint slips, so if you know me and want me to sign your key/want to sign mine then by all means ask me when you see me!)

Sinful admission

Jan 27, 2010 / 0 comments

Knowing full well that it will cause many of my readers to tut and roll their eyes at me I derive slight pleasure from confessing that I have now eaten at McDonalds on 6 continents. To make it worse I only did so in Asia and Australia so I could say I had.

It does lead me into a slightly more valid ramble. I'm not particularly bothered about eating on my own. I like food (even if I'm picky about what I like), but I prefer it with company. This means I'm not particularly great about being organised to cook complicated things when I'm on my own; largely the whole thing just turns into dealing with hunger. It also means I'm bad at finding nice places to eat out while travelling. Which, when you're travelling for a month to some interesting places, is a bit of a bugger. I've got a bit better at actually going to nice places, and trying not to bolt my food into me so I can get out ASAP but instead enjoy it. A book helps. Also places that aren't quite as busy (which if you have no agenda is nicely achieved by letting your body clock desync from the world around you). Unfortunately I didn't really do so until after Hong Kong. Guess I'll just have to go back at some point...

(More on my travels at some point, maybe. I've started the tortuous journey home now.)

Prettifying Debian boot output

Jan 7, 2010 / 0 comments

Being a bit of a freak I actually tend to read my boot output. Well, when I'm not using that time to go grab a cup of coffee first thing on a Monday morning. However I don't always find Debian's default output as clear as I'd like (especially when I haven't had that coffee yet, or when I'm half watching a remote machine boot over its serial console). ISTR that RedHat had much nicer boot output (I'm talking about text based here, not the fancy Plymouth stuff) with a row of OK/FAILED etc down the right hand side that made it nice and obvious what was happening. Of course we can do that with Debian, at least for packages that use the lsb-base logging functions. Drop the following into /etc/lsb-base-logging.sh and enjoy a slightly prettier boot. I'm slowly filing wishlist bugs with patches for those bits and pieces I use that don't use lsb-base for their init script logging.

# Colour our init scripts output

# int log_end_message (int exitstatus)
log_end_msg () {
    # If no arguments were passed, return
    if [ -z "${1:-}" ]; then
        return 1
    fi

    # Remember the status so it can be passed back to the caller
    retval=$1

    log_end_msg_pre "$@"

    # Only do the fancy stuff if we have an appropriate terminal
    # and if /usr is already mounted
    if log_use_fancy_output; then
        RED=`$TPUT setaf 1`
        GREEN=`$TPUT setaf 2`
        YELLOW=`$TPUT setaf 3`
        NORMAL=`$TPUT sgr0`
        # Move to a fixed column near the right hand edge
        $TPUT hpa $((`$TPUT cols` - 12))
    else
        RED=''
        GREEN=''
        YELLOW=''
        NORMAL=''
    fi

    if [ $1 -eq 0 ]; then
        /bin/echo -e " [   ${GREEN}OK${NORMAL}   ]"
    elif [ $1 -eq 255 ]; then
        /bin/echo -e " [${YELLOW}WARNING!${NORMAL}]"
    else
        /bin/echo -e " [ ${RED}FAILED${NORMAL} ]"
    fi
    log_end_msg_post "$@"
    return $retval
}

log_action_end_msg () {
    log_action_end_msg_pre "$@"
    # Optional second argument is extra detail to show in brackets
    if [ -z "${2:-}" ]; then
        end=""
    else
        end=" ($2)"
    fi

    /bin/echo -n "${end}"

    # Only do the fancy stuff if we have an appropriate terminal
    # and if /usr is already mounted
    if log_use_fancy_output; then
        RED=`$TPUT setaf 1`
        BLUE=`$TPUT setaf 4`
        NORMAL=`$TPUT sgr0`
        $TPUT hpa $((`$TPUT cols` - 12))
    else
        RED=''
        BLUE=''
        NORMAL=''
    fi

    if [ $1 -eq 0 ]; then
        /bin/echo -e " [  ${BLUE}DONE${NORMAL}  ]"
    else
        /bin/echo -e " [ ${RED}FAILED${NORMAL} ]"
    fi
    log_action_end_msg_post "$@"
}

(This is mostly for my own future reference, because I keep trying to search for details on it and not finding exactly what I want. I forget where I even found the basis for this, though there are lots of similar snippets out there. I've not tried it with a concurrency based boot so it may well look horrible under that.)
