On Tue, 2019-01-15 at 14:51 +0100, Florian Weimer wrote:
* Simo Sorce:
> On Tue, 2019-01-15 at 10:39 +0100, Florian Weimer wrote:
> > * Ben Cotton:
> >
> > > Remove real functionality from encrypt, encrypt_r, setkey, setkey_r,
> > > and fcrypt from the libxcrypt.so.1 compatibility library and let those
> > > functions set "errno" to "ENOSYS" when invoked.
> >
> > encrypt rewrites its argument in place, so this will leave the argument
> > unencrypted. This does not seem a good idea, even if it's just DES.
>
> Maybe encrypt with AES and return an error anyway ?
It's still only got a 56-bit key. AES would only make dictionary
attacks easier because there are more efficient AES implementations than
DES implementations.
You could use a random key, but yeah if you need to simply make it
inoperable just overwrite with random.
Maybe the stub implementation should just overwrite the argument
with
zeros.
I wouldn't overwrite with zeros because then it is clear the encryption
failed and if it is used in non-orthodox ways could give an attacker a
way to exploit the zeroing.
(for example if someone uses it to encrypt a password, instead of
hashing it and then compare to some stored value, then zeroing might be
a bad choice as all invocations will always return the same value and
would always compare "right")
Simo.
--
Simo Sorce
Sr. Principal Software Engineer
Red Hat, Inc