
Bug#451355: ITP: libgfshare -- library and utilities for multi-way secret sharing



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(Cc'ing the author)

On Thu, 15 Nov 2007 at 11:29:18 +0100, Soren Hansen wrote:
> I already packaged this in Ubuntu. Feel free to adopt it for Debian.

Having looked at the Ubuntu packaging, I'm somewhat concerned about it -
it seems you don't have the changes I made in upstream bzr to make
gfsplit cryptographically safe. In 1.0.2 it uses pseudo-random numbers from
rand() to do the splitting - I haven't proved whether any connection between
the "random" coefficients breaks the useful cryptographic properties of the
Shamir method, but I suspect it does, and my analysis of it
(doc/theory.tex in bzr) assumes that the random numbers used are uniform
and independent.

In upstream bzr I patched gfsplit to use /dev/urandom if it exists, and warn
if it doesn't; this is why I'm packaging a bzr snapshot rather than a
release. I've asked Daniel to make a 1.0.3 release, but presumably he's
been too busy recently.

The patch to gfcombine to support "-" as meaning standard output looks
reasonable, but I'm not sure what it's doing in Ubuntu but not
upstream... perhaps we could get that in 1.0.3. The patch is:

- --- libgfshare-1.0.2.orig/tools/gfcombine.c
+++ libgfshare-1.0.2/tools/gfcombine.c
@@ -88,9 +88,13 @@
   gfshare_ctx *G;
   unsigned int len1;
   
- -  outfile = fopen( outputfilename, "wb" );
+  if (strcmp(outputfilename, "-") == 0)
+    outfile = fdopen(STDOUT_FILENO, "w");
+  else 
+  	outfile = fopen( outputfilename, "wb" );
+
   if( outfile == NULL ) {
- -    perror(outputfilename);
+    perror((strcmp(outputfilename, "-") == 0) ? "standard out" : outputfilename);
     return 1;
   }
   for( i = 0; i < filecount; ++i ) {
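
Review bot: the new if/else at the top of the hunk opens standard output with mode "w" while the file branch keeps "wb", so the two paths disagree on binary mode, and fdopen() creates a second FILE* on descriptor 1 next to the existing stdout stream. Assigning stdout directly in the "-" branch avoids both problems. The same strcmp(outputfilename, "-") == 0 test is repeated inside the perror() argument; computing it once into a local flag and reusing it would read better. STDOUT_FILENO and strcmp() need <unistd.h> and <string.h>, and no #include change is visible in this hunk, so check that the file already has them.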

although I'd be inclined to change it to just use stdout instead of fdopening
STDOUT_FILENO, and make the indentation consistent (the rest of the package
consistently uses 2 spaces, the "else" clause in the patch has a tab).

Regards,
    Simon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: OpenPGP key: http://www.pseudorandom.co.uk/2003/contact/ or pgp.net

iD8DBQFHPXFqWSc8zVUw7HYRAo3bAJ9LIJ+S7GUYs7feTpUgsJoI/ycVxQCeJ9oc
TguC+Rxp4KLY5Hn4ShgZCEE=
=Iqj7
-----END PGP SIGNATURE-----
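
An added example, not part of the message above and not libgfshare's own code: a one-byte Shamir split and recombine over GF(2^8) whose polynomial coefficients are read from /dev/urandom, so they are uniform and independent as the analysis mentioned above assumes. The function names and the field polynomial 0x11b are assumptions of this sketch, and it refuses to split when /dev/urandom cannot be read, which is stricter than the warn-and-continue behaviour described in the message.

```c
#include <stdint.h>
#include <stdio.h>

/* GF(2^8) multiply modulo 0x11b (field polynomial assumed for this example). */
static uint8_t gf_mul(uint8_t a, uint8_t b) {
  uint8_t r = 0;
  for (; b; b >>= 1) {
    if (b & 1) r ^= a;
    a = (uint8_t)((a << 1) ^ ((a & 0x80) ? 0x1b : 0));
  }
  return r;
}

/* Read n bytes from /dev/urandom; fail rather than fall back to rand(). */
int fill_random(uint8_t *buf, size_t n) {
  FILE *f = fopen("/dev/urandom", "rb");
  if (f == NULL) { perror("/dev/urandom"); return -1; }
  size_t got = fread(buf, 1, n, f);
  fclose(f);
  return got == n ? 0 : -1;
}

/* Share x (1..n) is p(x) for p = secret + c1*x + ... + c(k-1)*x^(k-1). */
int split_byte(uint8_t secret, unsigned k, unsigned n, uint8_t *shares) {
  uint8_t coef[255] = { secret };
  if (k < 1 || k > n || n > 255 || fill_random(coef + 1, k - 1) != 0) return -1;
  for (unsigned x = 1; x <= n; ++x) {
    uint8_t y = 0;  /* Horner evaluation, highest coefficient first */
    for (unsigned j = k; j-- > 0;) y = (uint8_t)(gf_mul(y, (uint8_t)x) ^ coef[j]);
    shares[x - 1] = y;
  }
  return 0;
}

/* Lagrange interpolation at x = 0 from k shares (xs[i], ys[i]), xs distinct. */
uint8_t combine_byte(const uint8_t *xs, const uint8_t *ys, unsigned k) {
  uint8_t secret = 0;
  for (unsigned i = 0; i < k; ++i) {
    uint8_t num = 1, den = 1, inv = 1;
    for (unsigned j = 0; j < k; ++j) {
      if (j == i) continue;
      num = gf_mul(num, xs[j]);
      den = gf_mul(den, (uint8_t)(xs[i] ^ xs[j]));
    }
    for (int e = 0; e < 254; ++e) inv = gf_mul(inv, den); /* den^254 = 1/den */
    secret ^= gf_mul(ys[i], gf_mul(num, inv));
  }
  return secret;
}
```

Any k of the n shares recover the byte; the k-1 random coefficients are what keep fewer than k shares from revealing anything about it.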



