
IRC log for #darcs, 2017-03-12


All times shown according to UTC.

Time Nick Message
00:13 sm @tell jeltsch markdown files are now displayed as source like other files, except for readmes when viewing their directory (cc pointfree)
00:13 lambdabot Consider it noted.
02:47 ilbot3 joined #darcs
02:47 Topic for #darcs is now http://darcs.net/ | logs: http://irclog.perlgeek.de/darcs/ | darcs 2.12.5 is out http://darcs.net/Releases/2.12
02:57 pointfree Thanks sm! Lots of issues closed!
02:58 pointfree apologies. I've been swamped with other stuff lately.
03:00 sm hey there pointfree.. I figured
03:01 * sm thinks put should be made another alias for clone/get instead of being deprecated
03:04 sm pointfree: I just accidentally pushed http://hub.darcs.net/pointfree/ssh-curve25519-sha256/patch/75cb7ae320b9cf40d7f0b1e4b713d993e8b3dfc1 , I guess I'm a collaborator on your repo
03:06 pointfree hahas I don't remember adding you as a contributor, but thanks for the patch!
03:06 sm IIRC, you'll see simon in members in repo settings
03:13 sm pointfree: darcs hub is now running your curve25519 branch of ssh, so "KexAlgorithms +diffie-hellman-group1-sha1" in ~/.ssh/config is no longer needed
03:13 sm seems to work, as far as I can tell!
03:14 sm but clearly it would be better to get your work into trunk, tests passing etc.
03:15 sm or at least tests not failing
03:26 pointfree yay!
03:31 Riastrad1 joined #darcs
03:31 sm now we have to get everyone to remove it from their ssh config
03:32 sm I won't make a big noise about it until it's in trunk I think
03:34 pointfree yeah, I think so too.
03:34 maerwald_ joined #darcs
03:35 pointfree passing tests would require libssh2 to add support for curve25519-sha256 ...or a switch to the more full-featured libssh
03:36 pointfree I think the name "libssh2" is very misleading because they are two unrelated projects.
03:39 sm ack
03:40 sm I'm ignoring ssh-hans for now since it also requires some custom setup
03:44 sm see you
04:38 leg joined #darcs
04:56 mizu_no_oto joined #darcs
08:37 ThomasLocke joined #darcs
08:48 pem__ pointfree: I believe Thrussh (the thing I wrote for pijul) would benefit from writing common tests
08:49 pem__ It can run the SSH protocol entirely inside buffers (without sockets, it just needs something that implements typeclasses/trait called "Read" and "Write" in Rust).
10:04 ThomasLocke joined #darcs
10:07 ThomasLocke sm, Did you just fix the SSH vulnerability on hub.darcs.net? Holy crap! Awesome...
10:07 ThomasLocke Thanks man.
10:21 pem__ ThomasLocke, sm: beware, it's not really fixed. I believe you should remove obsolete algorithms (any algorithm with "sha1" in their name, to begin with) from the KEX list. "ssh -vv hub.darcs.net" tells me it's still on.
11:20 sm ThomasLocke: just deployed some work by pointfree
11:21 sm pem__: thanks, hmm
11:29 pem__ sm, pointfree: I forgot to say how awesome I think this update is! This makes hub.darcs.net recommendable to darcs beginners!
12:01 pointfree Users will not need to remove anything from their ssh config to use the new kex.
12:01 pointfree "The '+' before the list instructs ssh to append the algorithm to the client's default set rather than replacing the default. By appending, you will automatically upgrade to the best supported algorithm when the server starts supporting it. " https://www.openssh.com/legacy.html
12:20 diskie_ joined #darcs
13:19 sm pointfree: so you're saying having "KexAlgorithms +diffie-hellman-group1-sha1" left over in ~/.ssh/config is not so bad ? It'll allow folks to connect to weakly-secured servers that otherwise would reject them, but otherwise won't be used ?
13:20 sm and, shouldn't affect any other servers actually, if they copied the FAQ snippet
13:22 sm so how do we get ssh to stop offering sha1 at all, as in
13:22 sm debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c
13:22 sm debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
13:22 sm etc.
14:30 stef204 joined #darcs
15:56 mizu_no_oto joined #darcs
16:11 pem__ pointfree, sm: in general, not supporting obsolete algorithms is a good idea, because you don't know what attacks can happen.
16:12 pem__ for this particular one, here is how to hack the connection: the KEX packets are not authenticated in SSH. A MITM could be performed on that particular phase, allowing the attacker to force the client and the server to use sha1.
16:13 pem__ Now, is sha1 really that bad? In the particular case of SSH, I don't believe there is any known technique to forge collisions, because the hashed text is of a very special form, known to both the client and the server.
16:14 pem__ However, not immediately knowing how to hack bad crypto is not an excuse for using it.
16:15 pem__ SHA1-based MACs are probably somewhat weaker than their SHA-256 counterparts, although in the case of HMAC you would need to break the symmetric cipher first.
16:16 leg joined #darcs
17:29 mornfall as far as anyone knows, sha1 hmac is very far from being broken
17:48 Igloo You mean as far as /you/ know, as far as anyone knows, ...  :-)
18:24 pem__ There is an RFC stating that using HMAC-MD5 is ok, yet no one uses that anymore. If we have better hashes, why not use them?
18:35 sm I thought of ssh as a pure haskell package, but it depends on HsOpenSSL which is a binding to the C openssl lib, isn't it
18:39 sm I'm wondering which package produces the "debug2: KEX algorithms: ..." output above
18:49 sm ohh.. it's probably from openssh, in the client
18:59 sm so actually, that long list of algorithms follows "local client KEXINIT proposal". After that comes "peer server KEXINIT proposal", and following that is just "KEX algorithms: curve25519-sha256@libssh.org"
19:00 sm pem__: so, isn't this a problem with our ssh client config, not darcs hub ?
19:22 stef204 joined #darcs
19:29 pem__ sm: fortunately, the crypto in your SSH implementation is not done in Haskell: (1) most crypto experts don't speak haskell, can't review it, and (2) GHC produces non-crypto-safe code (by design), whereas OpenSSL does these bits in assembly.
19:30 pem__ as for the client vs server part, I don't think so: an attacker can get the server to think the client supports only obsolete crypto, and vice-versa (get the client to think the server only supports outdated crypto).
19:32 sm pem__: so when you say "it's not really fixed. I believe you should remove obsolete algorithms (any algorithm with "sha1" in their name, to begin with) from the KEX list. "ssh -vv hub.darcs.net" tells me it's still on.". It's in the client list, not the server list, yes ?
19:32 sm or, more briefly.. what should I do ? :)
19:34 sm you have prompted me to try hardening my client config, using a mozilla doc
19:34 pem__ Hey, you're right, it seems to be in the client!
19:35 pem__ Sorry for the noise.
19:35 sm no problem
19:36 sm I can see it is offering only these MAC algorithms though: hmac-sha1,hmac-md5
19:36 sm neither of which is recommended by this mozilla doc
19:36 pem__ yes, after removing that line from .ssh/config, it's not advertising it anymore.
19:37 * sm wonders where darcsden-ssh decides what algorithms to offer
19:38 sm here's the doc, in case anyone else wants to firm up their ssh config: https://wiki.mozilla.org/Security/Guidelines/OpenSSH#Configuration_2
19:41 sm and if you want to use that config, you put it last in ~/.ssh/config and then add these lines to your Host hub.darcs.net section:
19:41 sm Ciphers aes256-cbc,aes192-cbc,aes128-cbc
19:41 sm MACs +hmac-sha1
19:43 sm or similar. Ie, darcsden-ssh/the ssh package aren't up to communicating with that secure config, so you have to allow some weaker algorithms
19:44 sm Ciphers +aes256-cbc, MACs +hmac-sha1
19:48 maerwald_ i
20:02 pointfree sm: right here: http://hub.darcs.net/pointfree/ssh-curve25519-sha256/browse/src/SSH.hs#44
23:39 mizu_no_oto joined #darcs
