Re: maradns reproducibility fixes and the merits of picking a random number

2022-07-19 Thread Tobias Geerinckx-Rice
Ludovic Courtès wrote: Honestly, I don’t think it’s worth bothering about the non-substitutable trick. Agreed. In practice, maradns should be able to rely on /dev/urandom at run time, right? That is my understanding. Kind regards, T G-R

Re: maradns reproducibility fixes and the merits of picking a random number

2022-07-18 Thread Ludovic Courtès
Hi, Vagrant Cascadian wrote: > On 2022-07-11, Vagrant Cascadian wrote: >> I hear Efraim say better to have unique randomness and no substitutes, >> and I hear Tobias say more or less it's ok as long as upstream is right >> about it being ok to embed a specific prime as other random numbers get

Re: maradns reproducibility fixes and the merits of picking a random number

2022-07-11 Thread Vagrant Cascadian
On 2022-07-11, Vagrant Cascadian wrote: > I hear Efraim say better to have unique randomness and no substitutes, > and I hear Tobias say more or less it's ok as long as upstream is right > about it being ok to embed a specific prime as other random numbers get > mixed in at runtime... Well, now th

Re: maradns reproducibility fixes and the merits of picking a random number

2022-07-11 Thread Vagrant Cascadian
On 2022-06-28, Tobias Geerinckx-Rice wrote: >>I am at a loss as to what to do then ... nothing and just have it be >>unreproducible? embed a specific random number? come up with better >>upstreamable patches? > > From upstream's response and my own biases and my reading of the room here, > I'd say

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Tobias Geerinckx-Rice
...I mean: as long as there's this second, run-time random term added to it as upstream says there is. I didn't audit the code to verify that. Kind regards, T G-R Sent on the go. Excuse or enjoy my brevity.

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Tobias Geerinckx-Rice
>I am at a loss as to what to do then ... nothing and just have it be >unreproducible? embed a specific random number? come up with better >upstreamable patches? From upstream's response and my own biases and my reading of the room here, I'd say #2. Kind regards, T G-R Sent on the go. Excuse

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Vagrant Cascadian
On 2022-06-28, Gábor Boskovits wrote: > Tobias Geerinckx-Rice wrote (on Tue, 28 Jun 2022, 18:07): >> Vagrant said: >> > It is expensive to generate the random prime on some hardware, so doing >> > so at runtime might not be feasible in some cases... >> >> But in the same reply you're pa

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Gábor Boskovits
Hi, Tobias Geerinckx-Rice wrote (on Tue, 28 Jun 2022, 18:07): > Hi, > > Vagrant said: > > It is expensive to generate the random prime on some hardware, so doing > > so at runtime might not be feasible in some cases... > > But in the same reply you're paraphrasing, upstream also says: >

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Tobias Geerinckx-Rice
Hi, Vagrant said: > It is expensive to generate the random prime on some hardware, so doing > so at runtime might not be feasible in some cases... But in the same reply you're paraphrasing, upstream also says: > In 2010, I updated that homegrown hash compression > algorithm to also add a random

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Jack Hill
On Tue, 28 Jun 2022, Efraim Flashner wrote: On Mon, Jun 27, 2022 at 06:31:41PM -0700, Vagrant Cascadian wrote: https://github.com/samboy/MaraDNS/discussions/101#discussioncomment-3006487 Upstream appears to think it is mostly ok to actually embed a specific random prime... and not have it b

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-28 Thread Efraim Flashner
On Mon, Jun 27, 2022 at 06:31:41PM -0700, Vagrant Cascadian wrote: > On 2022-06-22, Vagrant Cascadian wrote: > > On 2022-06-08, Vagrant Cascadian wrote: > >> On 2022-06-08, Efraim Flashner wrote: > >>> On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote: > On June 7, 2022 5:24:22 A

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-27 Thread Vagrant Cascadian
On 2022-06-22, Vagrant Cascadian wrote: > On 2022-06-08, Vagrant Cascadian wrote: >> On 2022-06-08, Efraim Flashner wrote: >>> On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote: On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner wrote: >On Mon, Jun 6, 2022 at 6:50 PM

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-22 Thread Vagrant Cascadian
On 2022-06-08, Vagrant Cascadian wrote: > On 2022-06-08, Efraim Flashner wrote: >> On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote: >>> On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner >>> wrote: >>> >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian >>> > wrote: >> This is some

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-15 Thread Philip McGrath
Hi, On 6/8/22 16:25, Vagrant Cascadian wrote: On 2022-06-09, Arun Isaac wrote: Hi Vagrant, But there's one nervous-making issue this revealed; maradns embeds a random number at build time ... allegedly for systems that don't have /dev/urandom... see maradns-3.5.0020/deadwood-3.5.0020/src/Make

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Vagrant Cascadian
On 2022-06-08, Efraim Flashner wrote: > On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote: >> On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner >> wrote: >> >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian >> > wrote: >> >> >> >> So, Debian's maradns package just removes this emb

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Vagrant Cascadian
On 2022-06-09, Arun Isaac wrote: > Hi Vagrant, > >> But there's one nervous-making issue this revealed; maradns embeds a >> random number at build time ... allegedly for systems that don't have >> /dev/urandom... see >> maradns-3.5.0020/deadwood-3.5.0020/src/Makefile.ubuntu2004: >> >> # Since som

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Vagrant Cascadian
On 2022-06-08, Liliana Marie Prikler wrote: > On Monday, 06.06.2022 at 18:49 -0700, Vagrant Cascadian wrote: >> p.s. Obviously, I picked the best random number. > I beg to differ. >> +-RandomPrime:  RandomPrime.c >> +-  $(CC) -O3 -o RandomPrime RandomPrime.c >> +- >> +-DwRandPrime.h: Rando

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Liliana Marie Prikler
On Monday, 06.06.2022 at 18:49 -0700, Vagrant Cascadian wrote: > p.s. Obviously, I picked the best random number. I beg to differ. > +-RandomPrime:  RandomPrime.c > +-  $(CC) -O3 -o RandomPrime RandomPrime.c > +- > +-DwRandPrime.h: RandomPrime > +-  if [ -e /dev/urandom ] ; then ./Rand

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Arun Isaac
Hi Vagrant, > But there's one nervous-making issue this revealed; maradns embeds a > random number at build time ... allegedly for systems that don't have > /dev/urandom... see > maradns-3.5.0020/deadwood-3.5.0020/src/Makefile.ubuntu2004: > > # Since some systems may not have /dev/urandom (Win

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Tobias Geerinckx-Rice
Efraim Flashner wrote: I like the idea of forcing the program to segfault if it looks for /dev/urandom and it isn't there more than distributing a randomized prime number. +4 Or error out nicely. Don't let's ship such ‘features’. Kind regards, T G-R

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Efraim Flashner
On Tue, Jun 07, 2022 at 08:11:54AM -0400, Brian Cully via Development of GNU Guix and the GNU System distribution. wrote: > > > > The upstream website says: "People like MaraDNS because it’s ... > > > remarkably secure." [1] Since many distributions have the same > > > issue, > > > upstream could

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-08 Thread Efraim Flashner
On Tue, Jun 07, 2022 at 07:20:25AM +0200, Julien Lepiller wrote: > > > On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner > wrote: > >Hi, > > > >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian > > wrote: > >> > >> So, Debian's maradns package just removes this embedding of a "random" > >> num

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-07 Thread Ludovic Courtès
Hi, Vagrant Cascadian wrote: > But there's one nervous-making issue this revealed; maradns embeds a > random number at build time ... allegedly for systems that don't have > /dev/urandom... see > maradns-3.5.0020/deadwood-3.5.0020/src/Makefile.ubuntu2004: > > # Since some systems may not hav

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-07 Thread Development of GNU Guix and the GNU System distribution.
The upstream website says: "People like MaraDNS because it’s ... remarkably secure." [1] Since many distributions have the same issue, upstream could perhaps offer the patch as a build switch to enable a build-time seed only when needed. Sounds like the safest option. Maybe we could change

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-06 Thread Julien Lepiller
On June 7, 2022 5:24:22 AM GMT+02:00, Felix Lechner wrote: >Hi, > >On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian > wrote: >> >> So, Debian's maradns package just removes this embedding of a "random" >> number, and I've basically adapted their patches to build reproducibly >> on guix too...

Re: maradns reproducibility fixes and the merits of picking a random number

2022-06-06 Thread Felix Lechner
Hi, On Mon, Jun 6, 2022 at 6:50 PM Vagrant Cascadian wrote: > > So, Debian's maradns package just removes this embedding of a "random" > number, and I've basically adapted their patches to build reproducibly > on guix too... by basically embedding the same "random" number every > single build! T

maradns reproducibility fixes and the merits of picking a random number

2022-06-06 Thread Vagrant Cascadian
So, I've got a fix for the reproducibility issues for maradns... part of the fixes are fairly obvious, setting a specific date and setting the version to be, well, the version... But there's one nervous-making issue this revealed; maradns embeds a random number at build time ... allegedly for syst