Re: Bug#860771: ITP: node-diffie-hellman -- pure js diffie-hellman
On Thu, Apr 20, 2017 at 12:41 AM, Christian Seiler wrote:
> On 04/19/2017 11:36 PM, Bastien ROUCARIES wrote:
>> Package: wnpp
>> Severity: wishlist
>> Owner: ro...@debian.org
>> X-Debbugs-CC: debian-devel@lists.debian.org
>>
>> * Package name: node-diffie-hellman
>>   Version : 5.0.2
>>   Upstream Author : Calvin Metcalf
>> * URL : https://github.com/crypto-browserify/diffie-hellman
>> * License : Expat
>>   Programming Lang: JavaScript
>>   Description : pure js diffie-hellman key exchange
>>
>> Diffie–Hellman key exchange (D–H) is a specific method of securely exchanging cryptographic keys over a public channel. The Diffie–Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.
>> .
>> Node.js is an event-based server-side JavaScript engine.
>
> Is this timing safe? From the github page it uses a pure-JS BigNum implementation (bn.js) for the complicated stuff, but the README of that code doesn't mention timing at all. And from perusing the source code of bn.js, it doesn't appear to be the case that their implementation of exponentiation in a prime field is geared towards constant-time execution (when the sizes are the same).
>
> If you look at e.g. OpenSSL's source code (bn_exp.c), there's a specific function (bn_mod_exp_mont_consttime) in there that takes great care of making sure that the operation runs in constant time - down to how the memory layout is organized. I wouldn't know how you'd even do that in an interpreted language such as JavaScript, but even if that's possible, I'd suspect that a lot of brain power would need to go into designing that [1], while bn.js's implementation of the Red.pow function seems rather straight-forward. (Which is fine, bn.js appears to have the goal to be a generic bignum library, and not targeted at crypto.)
>
> What I'm saying is: while not having tested that, I believe that this implementation of DH is going to be susceptible to timing attacks. (And if it isn't, the author should really provide some rationale why not, with some test results. The README is rather sparse, though.) Which would be fine if you just wanted to use this library to generate the DH prime itself (that is not timing critical), or just use it in an academic context (to let people play around with DH), but I'd not want to use this for real-world applications of the actual key exchange protocol.

I have planned to add a big fat warning about safety of browserify-crypto. I am myself uneasy to use it but it is needed for browserify.

Do you prefer a README.debian per pure js crypto package?

I plan to patch browserify and add a flag in order to use the crypto API.

> Regards,
> Christian
>
> [1] Especially if this is to be run in browsers, with different JITs etc. Designing algorithms in pure JS for these environments that are timing-safe looks rather daunting to me.
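To make Christian's point about Red.pow concrete, here is an added illustration (not code from node-diffie-hellman, bn.js, or either poster) of a modular exponentiation whose work depends on the secret exponent beside a Montgomery ladder with a fixed operation schedule; the function names, the toy prime and the two exponents are mine. Even the ladder is only "constant-shape" in JavaScript, since BigInt arithmetic is itself value-dependent, which is exactly the difficulty footnote [1] raises.

```javascript
// Added illustration, not code from node-diffie-hellman or bn.js.  BigInt
// arithmetic in JavaScript is itself value-dependent, so the ladder below is
// "constant-shape" (no exponent-dependent control flow), not constant-time.

function bitLength(n) {
  return n.toString(2).length;
}

// Textbook left-to-right square-and-multiply: the multiply happens only on
// 1-bits, so total work grows with the Hamming weight of the secret exponent.
function naiveModPow(base, exp, mod) {
  let result = 1n;
  let mults = 0; // modular multiplications performed
  for (let i = bitLength(exp) - 1; i >= 0; i--) {
    result = (result * result) % mod;
    mults++;
    if ((exp >> BigInt(i)) & 1n) { // secret-dependent branch
      result = (result * base) % mod;
      mults++;
    }
  }
  return { result, mults };
}

// Montgomery ladder over a fixed width (the modulus size) that selects the next
// pair arithmetically instead of branching: three multiplications per bit,
// whatever the bit is.  Invariant: r1 == r0 * base (mod mod).
function ladderModPow(base, exp, mod) {
  let r0 = 1n;
  let r1 = base % mod;
  let mults = 0;
  for (let i = bitLength(mod) - 1; i >= 0; i--) {
    const bit = (exp >> BigInt(i)) & 1n; // 0n or 1n
    const t  = (r0 * r1) % mod;
    const s0 = (r0 * r0) % mod;
    const s1 = (r1 * r1) % mod;
    mults += 3;
    r0 = bit * t + (1n - bit) * s0;  // bit ? t  : s0
    r1 = bit * s1 + (1n - bit) * t;  // bit ? s1 : t
  }
  return { result: r0, mults };
}

// Constructed toy parameters (far too small for real use) so the operation
// counts can be read directly: both exponents are 31 bits wide.
const P = 2147483647n;               // 2^31 - 1, prime
const G = 7n;
const SPARSE_EXPONENT = 0x40000001n; // two 1-bits
const DENSE_EXPONENT  = 0x7fffffffn; // thirty-one 1-bits
```

With these parameters the naive routine performs 33 multiplications for the sparse exponent and 62 for the dense one, while the ladder performs 93 for either; the returned results agree.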
Re: Bug#860771: ITP: node-diffie-hellman -- pure js diffie-hellman
On 04/20/2017 11:09 AM, Bastien ROUCARIES wrote:
> I have planned to add a big fat warning about safety of browserify-crypto. I am myself uneasy to use it but it is needed for browserify.
>
> Do you prefer a README.debian per pure js crypto package?

Maybe also add something along the lines of

| For security considerations of this package please consult
| README.Debian.

to the package's extended description? (Or is that against policy?)

> I plan to patch browserify and add a flag in order to use the crypto API.

Isn't browserify a JS minifier? Why would that need DH key exchange anyway? I'm a bit confused here...

Regards,
Christian
Work-needing packages report for Apr 21, 2017
The following is a listing of packages for which help has been requested through the WNPP (Work-Needing and Prospective Packages) system in the last week.

Total number of orphaned packages: 1064 (new: 0)
Total number of packages offered up for adoption: 160 (new: 1)
Total number of packages requested help for: 43 (new: 0)

Please refer to http://www.debian.org/devel/wnpp/ for more information.

No new packages have been orphaned, but a total of 1064 packages are orphaned. See http://www.debian.org/devel/wnpp/orphaned for a complete list.

The following packages have been given up for adoption:

   rbtools (#860552), offered 2 days ago
     Description: set of client tools to use with Review Board
     Installations reported by Popcon: 76
     Bug Report URL: http://bugs.debian.org/860552

159 older packages have been omitted from this listing, see http://www.debian.org/devel/wnpp/rfa_bypackage for a complete list.

For the following packages help is requested:

   autopkgtest (#846328), requested 141 days ago
     Description: automatic as-installed testing for Debian packages
     Reverse Depends: debci-worker openstack-pkg-tools
     Installations reported by Popcon: 775
     Bug Report URL: http://bugs.debian.org/846328

   balsa (#642906), requested 2034 days ago
     Description: An e-mail client for GNOME
     Reverse Depends: balsa-dbg
     Installations reported by Popcon: 692
     Bug Report URL: http://bugs.debian.org/642906

   busybox (#854181), requested 75 days ago
     Description: Tiny utilities for small and embedded systems
     Reverse Depends: bootcd busybox-syslogd dropbear-initramfs live-boot-initramfs-tools open-infrastructure-system-boot udhcpc udhcpd wicd-daemon zfs-initramfs
     Installations reported by Popcon: 194431
     Bug Report URL: http://bugs.debian.org/854181

   cargo (#860116), requested 9 days ago
     Description: Rust package manager
     Installations reported by Popcon: 455
     Bug Report URL: http://bugs.debian.org/860116

   cups (#532097), requested 2875 days ago
     Description: Common UNIX Printing System
     Reverse Depends: bluez-cups boomaga chromium cinnamon-settings-daemon cloudprint cups cups-backend-bjnp cups-browsed cups-bsd cups-client (66 more omitted)
     Installations reported by Popcon: 177971
     Bug Report URL: http://bugs.debian.org/532097

   cyrus-sasl2 (#799864), requested 575 days ago
     Description: authentication abstraction library
     Reverse Depends: 389-ds-base 389-ds-base-libs 389-dsgw adcli autofs-ldap cairo-dock-mail-plug-in claws-mail claws-mail-acpi-notifier claws-mail-address-keeper claws-mail-archiver-plugin (127 more omitted)
     Installations reported by Popcon: 195770
     Bug Report URL: http://bugs.debian.org/799864

   dee (#831388), requested 279 days ago
     Description: model to synchronize multiple instances over DBus
     Reverse Depends: dee-tools gir1.2-dee-1.0 libdee-1.0-4-dbg libdee-dev zeitgeist-core
     Installations reported by Popcon: 64229
     Bug Report URL: http://bugs.debian.org/831388

   developers-reference (#759995), requested 964 days ago
     Description: guidelines and information for Debian developers
     Installations reported by Popcon: 19004
     Bug Report URL: http://bugs.debian.org/759995

   devscripts (#800413), requested 569 days ago
     Description: scripts to make the life of a Debian Package maintainer easier
     Reverse Depends: apt-build apt-listdifferences aptfs arriero bzr-builddeb customdeb debci debian-builder debmake debpear (24 more omitted)
     Installations reported by Popcon: 12993
     Bug Report URL: http://bugs.debian.org/800413

   ejabberd (#767874), requested 899 days ago
     Description: distributed, fault-tolerant Jabber/XMPP server written in Erlang
     Reverse Depends: ejabberd-contrib ejabberd-mod-cron ejabberd-mod-log-chat ejabberd-mod-logsession ejabberd-mod-logxml ejabberd-mod-message-log ejabberd-mod-muc-log-http ejabberd-mod-post-log ejabberd-mod-pottymouth ejabberd-mod-rest (4 more omitted)
     Installations reported by Popcon: 648
     Bug Report URL: http://bugs.debian.org/767874

   fbcat (#565156), requested 2654 days ago
     Description: framebuffer grabber
     Installations reported by Popcon: 201
     Bug Report URL: http://bugs.debian.org/565156

   fgetty (#823061), requested 355 days ago
     Description: console-only getty & login (issue with nis)
     Installations reported by Popcon: 1726
     Bug Report URL: http://bugs.debian.org/823061

   freeipmi (#628062), requested 2156 days ago
     Description: GNU implementation of the IPMI protocol
     Reverse Depends: conman freeipmi freeipmi-bmc-w