Re: xz backdoor

To: Luca Boccassi <bluca@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: xz backdoor
From: Pierre-Elliott Bécue <peb@debian.org>
Date: Sun, 31 Mar 2024 14:34:45 +0200
Message-id: <[🔎] 87jzliy3vv.fsf@daath.pimeys.fr>
In-reply-to: <[🔎] CAMw=ZnSAu1tY+pHWvfGV_0w9zMmtwhezP8TcweS81WLEWPsi-Q@mail.gmail.com>
References: <[🔎] ZgcgCR8uDPIXVJS_@akarlsso-mac.trudheim.com> <[🔎] 87a5mgkcn4.fsf@hope.eyrie.org> <[🔎] 875xx4k9bv.fsf@hope.eyrie.org> <[🔎] 36567ed4-7246-4466-9122-2934d6e9f18f@debian.org> <[🔎] Zgg3Gm0aGIdQCMua@bongo.bofh.it> <[🔎] 845606FD-868C-4509-A0B1-5B43228CACF7@riseup.net> <[🔎] 9b21d870fa7b67add8c4f52016012bd3@kvr.at> <[🔎] ZgjI6eznpC34xsbs@novelo> <[🔎] ZgkLUpYx8qf9I_Jv@belkar.wrar.name> <[🔎] 20240331072156.lasu37crgaluzmcb@shell.thinkmo.de> <[🔎] CAMw=ZnSAu1tY+pHWvfGV_0w9zMmtwhezP8TcweS81WLEWPsi-Q@mail.gmail.com>

Luca Boccassi <bluca@debian.org> wrote on 31/03/2024 at 12:47:57+0200:

> On Sun, 31 Mar 2024 at 08:39, Bastian Blank <waldi@debian.org> wrote:
>>
>> On Sun, Mar 31, 2024 at 12:05:54PM +0500, Andrey Rakhmatullin wrote:
>> > On Sat, Mar 30, 2024 at 11:22:33PM -0300, Santiago Ruano Rincón wrote:
>> > > As others have said, the best solution is to relay on HSW for handling
>> > > the cryptographic material.
>> > Aren't these answers to different questions?
>> > Not all attacks are about stealing the key or using it to sign unintended
>> > things.
>>
>> Also a HSM does only allow to control access to the cryptographic
>> material.  But it asserts no control over what is actually signed.
>>
>> So an attacker needs to wait until you ask the HSM it is okay to sign
>> something.
>>
>> Bastian
>
> This is true as in the default configuration you get asked for the
> yubikey pin only once per "session", and then it's cached
> transparently and there's no GUI feedback when the token is used (the
> light on it blinks, but noticing that requires having it in line of
> sight at all times). However, it's already better than nothing as it
> means such an attack must be "online", and run in the same "session"
> as the active user, so perfect should definitely not be the enemy of
> good here IMHO. Also, iirc this can be configured to always ask for
> the pin on each signature, although this could get burdensome. But
> given the very low price of yubikeys (or similar tokens), and how well
> and seamless they work these days, I think the offer of buying any DD
> that doesn't have one such a token is one that we should take up and
> make it happen.

The PGP submodule of a Yubikey can host 3 keys, one signing, one
authent, and one encrypt. ISTR accessing the signing key is always
prompting for the PIN. Same for the encryption key. (I think both can be
configured otherwise)

On the contrary, the authentication subkey is a one-per-session shot
only.

For the signing slot, there's a counter set in the yubi that increments
for each successful access.

-- 
PEB

Attachment: signature.asc
Description: PGP signature

Reply to:

References:
- xz backdoor
  - From: Sirius <sirius@trudheim.com>
- Re: xz backdoor
  - From: Russ Allbery <rra@debian.org>
- Re: xz backdoor
  - From: Russ Allbery <rra@debian.org>
- Re: xz backdoor
  - From: Jonathan Carter <jcc@debian.org>
- Re: xz backdoor
  - From: Marco d'Itri <md@Linux.IT>
- Re: xz backdoor
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>
- Re: xz backdoor
  - From: Christian Kastner <ckk@kvr.at>
- Re: xz backdoor
  - From: Santiago Ruano Rincón <santiagorr@riseup.net>
- Re: xz backdoor
  - From: Andrey Rakhmatullin <wrar@debian.org>
- Re: xz backdoor
  - From: Bastian Blank <waldi@debian.org>
- Re: xz backdoor
  - From: Luca Boccassi <bluca@debian.org>

Prev by Date: Re: xz backdoor
Next by Date: Re: xz backdoor
Previous by thread: Re: xz backdoor
Next by thread: Re: xz backdoor
Index(es):
- Date
- Thread