|Subject:||Re: [Sks-devel] sks.daylightpirates.org is staying...again|
|Date:||Wed, 21 Nov 2018 17:47:49 +0200|
|User-agent:||Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130215 Thunderbird/17.0.3|
Hey Yegor and all,|
Do you happen to have a long-term patch also, or just the hardcoded poison key?
I wonder why nobody thought about this possibility before.. so any lasting fix besides hardcoded blacklisting?
It is very easy to test for vulnerabilities if you actually install sks on your own machine first, and try to also fix it before publishing/exploiting it. Many have tutorials on this subject and all you need is a copy of a key dump.
There are other ways of bringing an sks server down, and BDB might not be the best idea for a server, still the network is important for both free software and individuals using it.
Blockchain technology has larger issues when it comes to GDPR yet we don't see blockchain nodes going away for this very reason.
I should try it, just to see how predictible the RPI key pair is. Btw I tried out these two commands on GNU/Linux (ffmpeg and drivers are necessary):
1) If you have a webcam on GNU/Linux just copy and run this line at the command prompt: echo `ffmpeg -t 5 -f video4linux2 -i /dev/video0 -f ogv - | sha512sum - | cut -f1 -d' '` > /dev/random; echo "You may run gpg --gen-key now"
2) For audio only random input with noise run this: echo `ffmpeg -f alsa -i hw:0 -t 10 -f ogv - | sha256sum | cut -f 1 -d' '` > /dev/random; echo "You may run gpg --gen-key now"
As far as I know anything you write into /dev/random on GNU/Linux is getting SHA1 with whatever was there already in the buffer, so the more data you copy into /dev/random the "better" it is in terms of random seed initialization. I think this observation is also important for Android e-mail clients and other embedded devices.
The noise provided by the webcam seems to be sufficient for initializing /dev/random so when the webcam is covered with plastic foil the command is still useful, maybe at boot/reboot time.
SKS seems to have a -seed parameter.
On 11/19/2018 05:14 PM, Yegor Timoshenko wrote:
Howdy all,Hey!I'm constantly in-and-out of the pool due to issue #61*, but so what? I can be of service to people needing to use pool when I'm in and my CPU always calms back down after a few minutes and get back into the pool.If you want to momentarily fix the issue, rebuild SKS with the following patch applied: https://lists.nongnu.org/archive/html/sks-devel/2018-07/msg00053.html However, mind that anyone can build another poison key by following instructions in https://bitbucket.org/skskeyserver/sks-keyserver/issues/60, meaning underlying issue is not fixed.
-- Sl.univ.dr.ing. Alin-Adrian Anton Politehnica University of Timisoara Department of Computer and Information Technology 2nd Vasile Parvan Ave., 300223 Timisoara, Timis, Romania
|[Prev in Thread]||Current Thread||[Next in Thread]|