Re: fermat primes and dnssec-keygen bug?
[ Quoting spa...@countryday.net at 14:33 on Mar 7 in RE: fermat primes an... ] Its not about integer overflow, it's about the fact that F5 does not add to the security, but does use up a lot of CPU cycles. I'd like to study this issue more. Would you please provide a reference that discusses your assertion that using an F5 public exponent does not add to the security of RSA encryption vs. F4 or perhaps F0. With regard to CPU utilization, from the description of the modular exponentiation algorithm at http://en.wikipedia.org/wiki/Modular_exponentiation#Right-to-left_binary_method, it appears that the number of modular multiplications required for a modular exponentiation is the total number of bits in the exponent plus the number of one bits. This is 19 for an F4 exponent and 35 for F5. Given this, it's not obvious to me that the CPU utilization differences are significant. If you can point me to a reference that benchmarks this, that would be much appreciated. Well, go argue with Adam Langly in the bug report I submitted (and Paul quoted in this thread). grtz Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: fermat primes and dnssec-keygen bug?
[ Quoting spa...@countryday.net at 04:07 on Mar 7 in RE: fermat primes
an... ]
I would recommend that dnssec-keygen starts ignoring the -e parameter
that everyone has put in their scripts to prevent exponent 3 keys, who are
not getting keys with exponent 4294967296 + 1 (F5)
Alternatively, if this is done on purpose, I guess we should all migrate
the 64 bit machines :)
This is interesting, if I correctly understand your point, but it appears
that dnssec-keygen computes F5 differently than you do in your example in
http://code.google.com/p/go/issues/detail?can=2start=0num=100q=colspec=ID%20Status%20Stars%20Priority%20Owner%20Reporter%20Summarygroupby=sort=id=3161.
In your example:
pubkey := new(rsa.PublicKey)
pubkey.N = big.NewInt(0)
pubkey.E = 4294967296 + 1
which results in 32-bit integer overflow.
In bind-9.9.0/lib/dns/opensslrsa_link.c, starting at line 750:
if (exp == 0) {
/* RSA_F4 0x10001 */
BN_set_bit(e, 0);
BN_set_bit(e, 16);
} else {
/* F5 0x10001 */
BN_set_bit(e, 0);
BN_set_bit(e, 32);
}
Its not about integer overflow, it's about the fact that F5
does not add to the security, but does use up a lot of CPU cycles.
grtz Miek
signature.asc
Description: Digital signature
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
HIP record
Hello, While playing with the HIP record I wanted to place some test records in a zone. I used the examples from RFC 5205 (Section 6.). ;; Tests t IN HIP ( 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D ) t IN HIP ( 2 200100107B1A74DF365639CC39F1D578 AwEAAbdxyhNuSutc5EMzxTs9LBPCIkOFH8cIvM4p 9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ b1slImA8YVJyuIDsj7kwzG7jnERNqnWxZ48AWkskmdHaVDP4BcelrTI3rMXdXF5D rvs.example.com. ) Checking these with named-checkzone yields: loading evilquery.nl from evilquery.nl class IN dns_rdata_fromtext: evilquery.nl:30: near '9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ': label too long dns_rdata_fromtext: evilquery.nl:35: near '9+LrV4e19WzK00+CI6zBCQTdtWsuxKbWIy87UOoJTwkUs7lBu+Upr1gsNrut79ryra+bSRGQ': label too long zone evilquery.nl/IN: loading from master file evilquery.nl failed: label too long zone evilquery.nl/IN: not loaded due to errors. This is with bind9.7.3. I think records are OK and bind should be able to parse them? grtz, -- Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: HIP record
[ Quoting ma...@isc.org at 07:09 on Feb 20 in Re: HIP record... ] Both records are malformed. Remove the whitespace from the public key. The Public Key field is represented as the Base64 encoding [RFC4648] of the public key. The encoding MUST NOT contain whitespace(s) to distinguish it from the Rendezvous Servers field. And you failed to read the note immediately above them. In the examples below, the public key field containing no whitespace is wrapped since it does not fit in a single line of this document. Thanks for your reply. But I have another query then. Is there a difference between: blah ( bla1 bla2 ) and: blah ( bla1 bla2 ) In other words: is the space significant in the second example? grtz Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: HIP record
[ Quoting ma...@isc.org at 07:45 on Feb 20 in Re: HIP record... ] But I have another query then. Is there a difference between: blah ( bla1 bla2 ) and: blah ( bla1 bla2 ) In other words: is the space significant in the second example? no. Ok, that's in line with RFC 1035. But I'm confused now, if that space is not significant, BIND should be able to correctly parse the HIP record as emailed before (and not try to recognize it as an ownername) ? Regards, Miek Gieben signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: HIP record
[ Quoting ma...@isc.org at 10:51 on Feb 20 in Re: HIP record... ] The presence of white space is significant, not whether the whitespace is linebreak or linebreak + space or even space. You asked me if there was any difference between linebreak or linebreak + space and there isn't. Where is this specified? The closest I can find is 1035, but it only says: ( ) Parentheses are used to group data that crosses a line boundary. In effect, line terminations are not recognized within parentheses. Regards, Miek Gieben signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: A few conceptual question about dnssec.
[ Quoting gaurav.kan...@nic.in at 00:36 on Feb 18 in RE: A few conceptual... ] Firstly, where do we get the public key for the DS records? Can you clarify your question??? Second, why do I get multiple DS records as response? – You will always get a 2 DS Records in response. One for SHA-1 and second for SHA-256. That completely depends on what is configured in the zone. Perhaps this will help: http://nlnetlabs.nl/publications/dnssec_howto/ grtz Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: dig -- only RRSIG present.
[ Quoting de.tec...@gmail.com at 23:10 on Feb 12 in dig -- only RRSIG pr... ] I'm trying to see DNSSEC response of various sites; my DNS server is 8.8.8.8 (google's public DNS service) Google's public resolvers don't handle DNSSEC very well... grtz Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind crash with max-refresh-time 0;
[ Quoting uh...@fantomas.sk at 13:32 on Feb 6 in Re: bind crash with ... ] needed to go in production. (Sadly bind bugs aren't searchable on the internet). So to work around this I thought: kill the SOA timers (messing with the zone is not an option) and only use notifies. But then bind crashes :) Are you sure that only xferring when NOTIFY is received will prevent from crashing when another NOTIFY is received during transfer triggered by one NOTIFY? I doubt so. In such case, better aproach should be disabling NOTIFY and only transferring when timers expire. Yes, but that would introduce a long(er) latency we don't want. However, the best approach should be upgrading to 9.8 and/or trying to replicate the problem (using unstripped BIND with debug informations and inspecting core file). I'm not going to debug this bind crash. Upgrading to BIND 9.8 is under consideration, but not likely to happen soon. Thanks. grtz Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind crash with max-refresh-time 0;
[ Quoting ma...@isc.org at 11:10 on Feb 3 in Re: bind crash with ... ] I'm using the following settings in named.conf: max-refresh-time 0; min-refresh-time 0; max-retry-time 0; min-retry-time 0; multi-master yes; What are you trying to achieve? A slave it needs to check that its copy of the zone is up to date or else the zone *will* expire. Does this also stop a slave from checking when it receives a notify? The documentation isn't clear on that. Seems that BIND (9.7.3-something and 9.7.4-p1 tested) does not like this: Then don't do that. :-). Agreed, but crashing is a bit harsh, don't you think? :) grtz Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: bind crash with max-refresh-time 0;
[ Quoting uh...@fantomas.sk at 10:50 on Feb 3 in Re: bind crash with ... ] Does this also stop a slave from checking when it receives a notify? The documentation isn't clear on that. configure master not to send notifies then. Alternatively, you can deny notifies from master. But the first Mark's question is still important: What are you trying to achieve? We were (are?) seeing a bug when using multiple masters. If during a zone transfer a notify is sent, it looks like BIND aborts the transfer and tries the second master. This second master is a spare standby and it normally turned off. When BIND hits this second master it sees it cannot do an axfr. BIND then (this is the bug) does not return to the first master to finish (or restart) the transfer. It just sits until the retry timer expires, which in this case is 15 minutes. We notified ISC of this, but replicating this bug was hard and we needed to go in production. (Sadly bind bugs aren't searchable on the internet). So to work around this I thought: kill the SOA timers (messing with the zone is not an option) and only use notifies. But then bind crashes :) grtz, -- Miek signature.asc Description: Digital signature ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
