Remove useless line from daemon class in login.conf

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Remove useless line from daemon class in login.conf

Daniel Jakots-6
Hi,

We used to have different numbers of blowfish rounds between the
default and daemon classes in login.conf. On Jun 26, 2016, tedu
committed "upgrade selected login.conf to use auto rounds for bcrypt"
for amd64, sparc64, i386, and maccpc [1].

Since the class daemon inherits from the default class, the
:localcipher=blowfish,a:\
is a duplicate.

Here's a diff to remove them.

Cheers,
Daniel

[1]: https://github.com/openbsd/src/commit/69b58a8d03f019fa368cc0ddb22481f4f3f36671

Index: etc.amd64/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.amd64/login.conf,v
retrieving revision 1.14
diff -u -p -r1.14 login.conf
--- etc.amd64/login.conf 11 Mar 2020 15:41:48 -0000 1.14
+++ etc.amd64/login.conf 22 May 2020 20:57:14 -0000
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,a:\
  :tc=default:
 
 #
Index: etc.i386/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.i386/login.conf,v
retrieving revision 1.9
diff -u -p -r1.9 login.conf
--- etc.i386/login.conf 5 Nov 2019 19:03:46 -0000 1.9
+++ etc.i386/login.conf 22 May 2020 20:57:14 -0000
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,a:\
  :tc=default:
 
 #
Index: etc.macppc/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.macppc/login.conf,v
retrieving revision 1.12
diff -u -p -r1.12 login.conf
--- etc.macppc/login.conf 12 Mar 2020 15:32:22 -0000 1.12
+++ etc.macppc/login.conf 22 May 2020 20:57:14 -0000
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,a:\
  :tc=default:
 
 #
Index: etc.sparc64/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.sparc64/login.conf,v
retrieving revision 1.12
diff -u -p -r1.12 login.conf
--- etc.sparc64/login.conf 5 Nov 2019 19:03:47 -0000 1.12
+++ etc.sparc64/login.conf 22 May 2020 20:57:14 -0000
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,a:\
  :tc=default:
 
 #

Reply | Threaded
Open this post in threaded view
|

Re: Remove useless line from daemon class in login.conf

Stuart Henderson
On 2020/05/22 17:06, Daniel Jakots wrote:

> Hi,
>
> We used to have different numbers of blowfish rounds between the
> default and daemon classes in login.conf. On Jun 26, 2016, tedu
> committed "upgrade selected login.conf to use auto rounds for bcrypt"
> for amd64, sparc64, i386, and maccpc [1].
>
> Since the class daemon inherits from the default class, the
> :localcipher=blowfish,a:\
> is a duplicate.
>
> Here's a diff to remove them.

I'm OK with unifying these settings, but FWIW I never switched to auto
for these, it doesn't seem all that sensible for somebody with the ability
to generate enough load on the machine to be able to reduce the strength
of bcrypt down to the 64 (2^6) rounds minimum.

Reply | Threaded
Open this post in threaded view
|

Re: Remove useless line from daemon class in login.conf

Theo de Raadt-2
Stuart Henderson <[hidden email]> wrote:

> On 2020/05/22 17:06, Daniel Jakots wrote:
> > Hi,
> >
> > We used to have different numbers of blowfish rounds between the
> > default and daemon classes in login.conf. On Jun 26, 2016, tedu
> > committed "upgrade selected login.conf to use auto rounds for bcrypt"
> > for amd64, sparc64, i386, and maccpc [1].
> >
> > Since the class daemon inherits from the default class, the
> > :localcipher=blowfish,a:\
> > is a duplicate.
> >
> > Here's a diff to remove them.
>
> I'm OK with unifying these settings, but FWIW I never switched to auto
> for these, it doesn't seem all that sensible for somebody with the ability
> to generate enough load on the machine to be able to reduce the strength
> of bcrypt down to the 64 (2^6) rounds minimum.

Yes, that is problematic.

The minimum should be probably be raised, we should consider if auto
should even exist anymore.

Reply | Threaded
Open this post in threaded view
|

Re: Remove useless line from daemon class in login.conf

Stuart Henderson
On 2020/05/22 16:04, Theo de Raadt wrote:

> Stuart Henderson <[hidden email]> wrote:
>
> > On 2020/05/22 17:06, Daniel Jakots wrote:
> > > Hi,
> > >
> > > We used to have different numbers of blowfish rounds between the
> > > default and daemon classes in login.conf. On Jun 26, 2016, tedu
> > > committed "upgrade selected login.conf to use auto rounds for bcrypt"
> > > for amd64, sparc64, i386, and maccpc [1].
> > >
> > > Since the class daemon inherits from the default class, the
> > > :localcipher=blowfish,a:\
> > > is a duplicate.
> > >
> > > Here's a diff to remove them.
> >
> > I'm OK with unifying these settings, but FWIW I never switched to auto
> > for these, it doesn't seem all that sensible for somebody with the ability
> > to generate enough load on the machine to be able to reduce the strength
> > of bcrypt down to the 64 (2^6) rounds minimum.
>
> Yes, that is problematic.
>
> The minimum should be probably be raised, we should consider if auto
> should even exist anymore.
>

As long as it doesn't allow weakening things I think auto should still
exist so that machines can have a stronger bcrypt where it's cheap.

When this was introduced, login.conf for amd64/i386/macppc/sparc64
changed from 8 (normal users) and 9 (daemon class i.e. root) to auto.
Since other, mainly slower, arches stayed with hardcoded 8/9 I don't
think the current minimum reachable in the code makes sense at all.

I've gone to a few machines and done:

- 50 runs of "encrypt -b a" to see what setting was chosen by auto

for i in `jot 50`; do echo foo | encrypt -b a; sleep .1; done | cut -d'$' -f3 | sort | uniq -c

- 50 runs of "encrypt -b 9" or "encrypt -b 10" and averaged, to see
how long those two settings take

time for i in `jot 50`; do echo foo | encrypt -b 10; done
(divided by 50)

                        Chosen -b 9 -b 10
Cortex-A53 1.4GHz (pi3) all 8 0.22 0.40
GX-412TC 1GHz (APU2) all 8 0.16 0.31
Cortex-A72 1.5GHz (pi4) all 9 0.07 0.14
L5520 2.27GHz all 9 0.08 0.16
E3-1225v3 3.2GHz 12x8 3x9 35x10 0.05 0.10
E3-1240v5 3.5GHz all 10 0.04 0.08
E3-1270v6 3.8GHz all 11 0.03 0.05

I think bumping the minimum to 2^9 would be reasonable, there's a more
noticeable delay on some machines but I think that's fair enough (any
cracking is likely to be done on a fast machine, and the user can force
it lower themselves if they want to take the risk).

With a higher minimum than that the delay starts to get very noticeable
in some cases, so I'm not sure we're ready for that yet.

I think it also makes sense to use blowfish,a in login.conf on all
arches, replacing the old 8/9. Actually -b a is already used in the
installer for both root and the standard user on all archs, whatever
they have in login.conf. Resulting in the situation that on some
archs, the bcrypt created during install for root's password is
weaker than it would be if reset after boot.

So maybe this or something like it?

Index: lib/libc/crypt/bcrypt.c
===================================================================
RCS file: /cvs/src/lib/libc/crypt/bcrypt.c,v
retrieving revision 1.57
diff -u -p -r1.57 bcrypt.c
--- lib/libc/crypt/bcrypt.c 26 Aug 2016 08:25:02 -0000 1.57
+++ lib/libc/crypt/bcrypt.c 23 May 2020 20:16:46 -0000
@@ -237,14 +237,15 @@ bcrypt_checkpass(const char *pass, const
 DEF_WEAK(bcrypt_checkpass);
 
 /*
- * Measure this system's performance by measuring the time for 8 rounds.
- * We are aiming for something that takes around 0.1s, but not too much over.
+ * Measure this system's performance by measuring the time for 2^9 rounds.
+ * We are aiming for something that takes around 0.1s, not too much over,
+ * but without allowing it to be too weak.
  */
 int
 _bcrypt_autorounds(void)
 {
  struct timespec before, after;
- int r = 8;
+ int r = 9;
  char buf[_PASSWORD_LEN];
  int duration;
 
@@ -257,12 +258,12 @@ _bcrypt_autorounds(void)
  duration += (after.tv_nsec - before.tv_nsec) / 1000;
 
  /* too quick? slow it down. */
- while (r < 16 && duration <= 60000) {
+ while (r < 16 && duration <= 75000) {
  r += 1;
  duration *= 2;
  }
  /* too slow? speed it up. */
- while (r > 6 && duration > 120000) {
+ while (r > 10 && duration > 120000) {
  r -= 1;
  duration /= 2;
  }
Index: etc/etc.alpha/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.alpha/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.alpha/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.alpha/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.arm64/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.arm64/login.conf,v
retrieving revision 1.7
diff -u -p -r1.7 login.conf
--- etc/etc.arm64/login.conf 5 Nov 2019 19:03:46 -0000 1.7
+++ etc/etc.arm64/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.armv7/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.armv7/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.armv7/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.armv7/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.hppa/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.hppa/login.conf,v
retrieving revision 1.10
diff -u -p -r1.10 login.conf
--- etc/etc.hppa/login.conf 5 Nov 2019 19:03:46 -0000 1.10
+++ etc/etc.hppa/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.landisk/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.landisk/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.landisk/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.landisk/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.loongson/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.loongson/login.conf,v
retrieving revision 1.13
diff -u -p -r1.13 login.conf
--- etc/etc.loongson/login.conf 12 Mar 2020 15:32:21 -0000 1.13
+++ etc/etc.loongson/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.luna88k/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.luna88k/login.conf,v
retrieving revision 1.8
diff -u -p -r1.8 login.conf
--- etc/etc.luna88k/login.conf 5 Nov 2019 19:03:46 -0000 1.8
+++ etc/etc.luna88k/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.octeon/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.octeon/login.conf,v
retrieving revision 1.10
diff -u -p -r1.10 login.conf
--- etc/etc.octeon/login.conf 5 Nov 2019 19:03:47 -0000 1.10
+++ etc/etc.octeon/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #
Index: etc/etc.sgi/login.conf
===================================================================
RCS file: /cvs/src/etc/etc.sgi/login.conf,v
retrieving revision 1.10
diff -u -p -r1.10 login.conf
--- etc/etc.sgi/login.conf 5 Nov 2019 19:03:47 -0000 1.10
+++ etc/etc.sgi/login.conf 23 May 2020 20:36:06 -0000
@@ -48,7 +48,7 @@ default:\
  :openfiles-max=1024:\
  :openfiles-cur=512:\
  :stacksize-cur=4M:\
- :localcipher=blowfish,8:\
+ :localcipher=blowfish,a:\
  :tc=auth-defaults:\
  :tc=auth-ftp-defaults:
 
@@ -64,7 +64,6 @@ daemon:\
  :openfiles-max=1024:\
  :openfiles-cur=128:\
  :stacksize-cur=8M:\
- :localcipher=blowfish,9:\
  :tc=default:
 
 #

Reply | Threaded
Open this post in threaded view
|

Re: Remove useless line from daemon class in login.conf

Daniel Jakots-6
On Sat, 23 May 2020 22:08:11 +0100, Stuart Henderson
<[hidden email]> wrote:

> I think bumping the minimum to 2^9 would be reasonable, there's a more
> noticeable delay on some machines but I think that's fair enough (any
> cracking is likely to be done on a fast machine, and the user can
> force it lower themselves if they want to take the risk).

I think it's a good move.

Isn't this is needed as well then?

Index: cryptutil.c
===================================================================
RCS file: /cvs/src/lib/libc/crypt/cryptutil.c,v
retrieving revision 1.12
diff -u -p -r1.12 cryptutil.c
--- cryptutil.c 13 Sep 2015 15:33:48 -0000 1.12
+++ cryptutil.c 24 May 2020 01:57:39 -0000
@@ -54,7 +54,7 @@ int
 crypt_newhash(const char *pass, const char *pref, char *hash, size_t
hashlen) {
  int rv = -1;
- const char *defaultpref = "blowfish,8";
+ const char *defaultpref = "blowfish,9";
  const char *errstr;
  const char *choices[] = { "blowfish", "bcrypt" };
  size_t maxchoice = sizeof(choices) / sizeof(choices[0]);


Cheers,
Daniel