Bug#659036: #659036 debian-keyring: Here's a patch. (Hint: the bug occurs about 1/256th of the time)

Paul Vojta vojta at math.berkeley.edu
Wed Mar 1 19:50:22 UTC 2017


Hi,

I'm fairly certain that I've found the bug.

The problem is that the gnome keyring daemon and libsecret are using very
slightly different algorithms to create the private aes key used for
communication over dbus.  They're constructing the same dh secret,
but in those cases where the secret is < 2^{1024-8}, they apply the sha256
algorithm to byte strings of different lengths, so they get different
aes keys.  Then everything falls apart.

I attach a patch.  With the patch, the error did not occur during 10,000
iterations, so it's pretty safe (probability roughly 1 - 10^{-17}) to say
that it fixes the bug.

I don't know enough about the various standards in cryptography, so I don't
really know whether gnome-keyring (actually, libgck) or libsecret is more
to blame.  I chose to modify libsecret, since gnome-keyring's approach
seems to be cleaner, and since libgck is probably used in many other
applications, so is more likely to be correct.

I also recommend changing the error message.  I don't think that
there's any such thing as an unencryptable secret in aes (unless it has
infinite length or something).  I suggest "failure in communicating
with keyring daemon" or perhaps "unknown decryption failure", but would
be open to other possibilities.

Sincerely,


Paul Vojta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch
Type: text/x-diff
Size: 1167 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20170301/1c488274/attachment.diff>


More information about the pkg-gnome-maintainers mailing list