With my voice the way it is, I need to use the mic. Hi, my name is Hugh Daniel, for those of you who haven't had the fun of running across me. I guess I called this meeting to solve some problems I have, and to try and see about fixing some major problems that I see in Linux space. This is a very Linux-centric meeting.
Let me start off by explaining my work. I managed the Linux FreeS/WAN project. Our goal is to provide a stable, solid, usable implementation of all the technologies necessary to do secure IP communications for Linux. So this is going to be a very technical talk, and I'm not trying to drive you away or anything, but this is intended to be technical, and my goal was to get as many of the European developers of crypto pieces for Unix in one place as possible, because right now crypto is kind of an ad hoc thing, and until crypto becomes infused at every layer of Linux or any Unix, security will be an ad hoc thing. And that means that most people won't have security. They'll have a box, they'll be running SSH or they'll be running PGP, and they'll think they're secure. But until we put this into the system, so that every copy of Linux that anyone ever extracts off of a CD or off of the net has crypto in it top to bottom at every layer, we're not going to have security. Every box is going to have some hole in it that someone like me, who's bright enough or at least bored enough, can crawl through in there and start causing mischief or pain for someone. So this needs to be solved, and my idea here was: hey, I'm going to be in Europe, I'm going to be where a lot of the hackers are already, let's try to get everyone involved.
Okay, party time. Could I ask someone, is that disturbing you or just me?
Just me? Okay, I'll ignore it. The idea here was to get people to sit down and talk about what pieces are missing and how we can start getting crypto into the various distributions, or at least the ones that come from free countries, which certainly is not the United States of America now. Soon I think down and back was the problem here. So as such I don't expect this to be the "Hugh holds forth for two hours" sort of panel. Really what I'm trying to do is get people talking about what they've got that they can help pour into the pot. Think of this as stone soup, except that I'm not starting with a pure pot and asking in the stones and asking you to bring the rest. I actually have a few of the ingredients. Specifically, our team that we put together has a working FreeS/WAN, or has a working IPsec implementation. It also has a working IKE daemon, both of which are lacking pieces. We have three paid staff that are working on pushing this forward at the moment. They need help in various areas. Most specifically, one of the first things that got me going is we need GPL'd crypto libraries: one crypto library that can be included both in the kernel, for the few things that need it, and that can be included in any daemons that get written or any user programs. A case in point, an example, is I'm pushing my guys real hard right now to start using DNSSEC.
If this is flying over too many heads, raise your hands with questions about acronyms. I won't go into lengthy descriptions of things, but I'll be happy to describe what a particular acronym is. Yes?
The question is what do I mean by crypto library? Do I mean low-level stuff or high-level stuff? And my answer was yes.
Can you speak louder, or can we get this more... hold on a moment.
I'm discussing crypto libraries a little with Werner, author of GNU Privacy Guard. For those who don't know me, which is probably most of you,
I'm hacking at the moment on a GPL'd SSH replacement called lsh. No, Niels Möller. And Werner and I have been discussing a little, have had different opinions. But I think, in my experience, what I need is the low-level library. I want simple block ciphers, hash functions, bignums and stuff. Then I want to build the abstractions I need on top of that. And my experience is that if I get a fancy library with its own high-level API, that API most likely doesn't fit my application. Therefore, if we do the crypto library stuff, we need... it's nice to build one or several high-level APIs, but we need a low-level as well. At least I do.
Well, I... or if you're all planning on doing some acting or something, but there's quite a lot of people here. I was expecting more like 20 or 30 people. Instead we've got more like a hundred, and a lot of you say... for caring enough to at least stand and watch all this. Whoa, it's working. How many of you have contributed even as little as a line of code that's ending up in the Linux kernel, Linux distributions, and any code that would be in a Linux distribution? Okay, all right, everyone else who didn't raise the hand, clap.
So by low-level you're talking math functions, bignums, the whole bit like that? Okay, would you consider implementing, say, triple DES, would that be too high for you? What I need now is I need triple DES. My team, I should say, needs a triple DES. Well, we've got a triple DES. We've got various things, but you know, there's this problem with the libraries right now. There's a whole bunch of... we're arguing over the granularity of the functions we need, okay, and that's nice. That's a great technical argument. I actually know that there's a lot of libraries out there, but most of them come with some sort of whacked-out licensing. They don't have the Berkeley licensing.
They don't have the Artistic licensing and they certainly don't have the GPL licensing, and really what we need is all the crypto algorithms anyone can imagine in GPL licensing, in a library that we can include, that's got both low-level access and high-level access to these crypto functions, so that we can get people optimizing them, so that they can be included in any Linux distribution. Any of those three licenses would do. You had...?
Yes, that's right. That's what I do. I used available implementations, the public domain and things. I think I wrote RC4 by myself, but that's trivial. So the thing, if you want this, more than the code, there's some stuff around it. You need autoconf stuff to figure out word sizes, and I've tried to get the endianness and that sort of details, and when it comes to these things you want to collect them so that it is consistent. You also want a fairly consistent set of functions. For example, I want the state struct, the length, the data pointer, and any convention should do, but it's a good thing to have the same convention for all block ciphers, and that's the point of putting it into a library, to get consistency.
Consistency also. In my work with the Linux FreeS/WAN project I have found a pile of libraries out there in my looking, and I'm certain I've missed some or something like this, right, but I haven't found one with a GPL license.
If you eat right and in an open PGP, I can assure you doesn't implement some of the algorithms my team needs this week. They have some pieces, right. I've talked to Werner Koch about this stuff in email.
And for the GNU Privacy Guard, I've looked at that code and it sure is, I think it's pretty good code, but the API is too high level for my purpose.
It has its own object system kind of thing, its own look up and fall of algorithms, its own dynamic load interface, and I don't want that because that doesn't mix with my thing. I want to do my own abstractions about it.
Are any of the OpenCA people here? Shoot, they haven't made it up from Italy yet. I guess it's a long drive. Is anyone else here who's actually doing, like the two of us, although I'm an American so I can't code, right, actually doing crypto projects? Okay. Let me ask other people: at this level, low level of libraries and stuff, are you running into any problems? Would your implementations have gone quicker if you just had the pieces laying around? Yeah, and SSLeay does not have a GPL license. Others? Keep the mic.
You might want to have a quick look at lsh to see if the GPL code that received your needs it. It has some things, and I at least thought about making it independent of lsh, but I haven't got around to that yet. That's similar to Werner Koch and GNU Privacy Guard.
Yeah, I think that one of the things that's happening here is we're all having to rebuild parts of the wheel, and unfortunately we're all getting the diameter of the wheel wrong, and then we put them all together in a Linux distro and we've got 800 K of loaded crypto algorithms, which are different, when 30 or 40 K should do the trick. Oh great, I hadn't run into that one.
So how does this get solved? Is there someone who's interested in this piece? Can we get, you know, you guys at Chaos to contribute some algorithms, and you guys at lsh should contribute some others? I can't do this work, people. I'm an American, my government thinks I'm too good for you. Okay, so you know, we need people to step in here and look at this. What would be especially nice, actually, is for people like you just to email to somewhere.
I don't know where is a good spot where we can all communicate. I certainly can't host a list in the USS of A. You can host a list? Okay. All right, I think we have enough people to solve the problem. We need to start arguing over requirements docs, and then some lucky sod who decides they need to solve the problem gets to ignore them and implement something. Isn't that the classic way it works?
Yeah, not if it's MIT Kerberos. Okay. Yeah, I think we're not so interested in protocol-level stuff. Yeah. It's crypto coded it, okay.
So there's another source. So it sounds like there's a few different places to mine crypto algorithms from. What needs to be done is we need an idea of low-level and high-level access to generic crypto, which I think should show up fairly quickly once all the people say, well, you know, you guys need this sort of low-level and my guys need that sort of low... high level. I don't think there's really a lot of collisions there. It's pretty simple: I've got math, I need to beat bits into it, sort of thing. So that leaves actually somebody getting excited to do all this.
I do need to point out that some of the stuff needs to live in user space, mostly in user space, but the same library needs to get parts of it loaded into kernel space, because there's no reason to have two separate libraries. The crypto work is hard enough to get right in the first place, let alone to optimize it, and things like IPsec are in the kernel. They have to be, because they're dealing with real-time packet flows.
That you in the back, and then up front here. Test files for the crypto library. Okay. And hopefully someone else, so that, you know, someone's not suckered into doing too much of this work.
That's just one more detail.
I hope I don't bore you to death, but low-level in my world also has the feature that there's no memory allocation. The application allocates state structs and stuff and calls functions, but the application can keep full control of memory allocation. I think that should be good also when you try to use it in the kernel.
Okay. Other bits and pieces that people want to throw out? I'm taking notes. I don't know if I can ever let you subhumans outside of the US see them, but I am taking notes. Yeah, I know it hurts to say that stuff sometimes, but I'm glad you're laughing. I just hope that it annoys enough people, certainly embarrasses my government into some time becoming a government instead of an empire again.
You're gonna see these as an add-on to the existing Linux distributions, that you can go get one big mega tarball and add it to Red Hat, add it to this, add it to that?
If you have to, yes. But I don't want to see that. I want to be able, as a US citizen slave unit, to order a disk from Europe and it arrives with the latest version of Linux, all the crypto's already there. It's all pre-compiled. If there's a new crypto widget out there somewhere, I can just download the source code for it and it knows, you know, its autoconf goes, "Oh yeah, you've got the crypto lib," or it goes, "Nope, you don't have the crypto lib, go get it."
Well, others of us are too lazy to order from Europe and we're gonna walk to downtown Mountain View and buy it at the... Yeah, so you can FTP the package.
We can FTP it. We can get it. However, you know, the guy on the street corner who's been told that Linux is the best way to run your small online business, he's gonna buy a CD. Okay, and we want to be the best online business platform. Otherwise Microsoft will claim the high ground, and whether or not they do it, they'll get the sales.
Have you talked to SuSE or anyone in Europe that might be able to do that?
I'm trying.
I'm trying. I haven't talked to them extensively because we weren't at 1.0 until April. We're at 1.0. We're working on a 1.1 now. There's a horrible bug with 2.2 kernels, and there's a horrible bug with the fact that all the networking in the Linux kernels is gonna get blown away yet again this year. But that's all future stuff. Yeah, I'm trying to talk to them. But you know, I don't want just our stuff in there, because that's not enough. We need crypto everywhere. We need it in IPsec in the kernel. We need binaries that are signed, so I can have multiple signatures on a binary. I want to be able to do things like, when I'm the root shell, I want an environment variable in my shell that goes: unless this binary is signed by one of these, one of the matching secret keys, you don't run it. You just don't run it. That binary is verboten. Okay, it's evil. Don't touch it. We need the libs for user space.
Part of the work here, and folks, this is extensive: we're gonna have to rewrite all of the shitty little utilities. They all have to go. Telnet, FTP, scp, rcp, As our date, all of these things are gonna have to be rewritten to take into account crypto. And there's a whole bunch of cool work in there, and as long as we're at it, there's a whole bunch of things that need fixing. We've got things to do like including the latest BINDs so that we can have DNS security, so that we stop getting our pages spoofed by people.
Yeah, you're doing all that. What? Finish. I was running low on things and I'm running low on voice. Whatever.
No, that's wrong, and I think I can back up my point fairly straightforwardly, and that is: in the future we're going to have this resource called IPsec, and that is we're gonna have public keys and private keys, negotiated tunnels and all that infrastructure laying around, so that instead of handing out passwords and wring them in the clear and then just encrypting the tunnels and hoping that cuts it.
Okay, which it doesn't. All right, what we can do is extend this infrastructure that allows us to negotiate secure tunnels out into user space, so the user can type in a passphrase, much like in SSH, to enable a crypto key which FTP can then use, using IKE negotiation between the two ends to authenticate itself to the other end. And that requires rewriting all the utilities, and it's well nigh time for that sort of thing. It also requires designing the APIs to do all of this.
Oh no, no, it's not absolutely necessary this moment. I want to get some sleep tonight. But I'm trying to give people an idea where things need to go, and we need to start putting the tools in place to do this sort of thing, because it's going to be hell out there in another year. The script kiddies are getting their act together and they're getting more and more vicious as they try to prove they're the coolest kid on the block, and there's more and more bad guys out there. They're actually using this stuff to break in and find things.
If you look at... whoa. If you look at CERT advisories over time, and you graph how many of them would just not have happened had strong crypto been available since the beginning of time, it's 20, 30% at absolute best, and it depends how you count. Most things, it turns out, are still buffer overruns, right? Even this last year, more than half of the CERT advisories were from buffer overruns. Okay, what have we learned since the Internet worm? The Internet worm was what, 11 years ago now, and, oh yeah, it looks like it's party time. What were the problems the Internet worm exploited? We had passwords that were easy to guess, we had buffer overruns, we had transitive trust. Which of those three problems have we solved today?
Okay, so we had trivial... That's a specific problem and something, okay, the set in the whole problem. Sendmail gets its own class. It's definitely the class bad boy.
Okay, so basically we've learned pretty much nothing in 11 years about computer security, and this is, I mean, important to me. I study computer security, I'm a researcher in computer security, and it's always disappointing that we in the research community have all these great protocols, all these great systems. Look, we can throw all this crypto at it, we can design hardware that has special permission bits and that, but no one uses any of it. I mean, it's always so disturbing to us. So this is a danger you have to keep in mind when you're saying put crypto top to bottom. Really it's not crypto per se that we want, we want security. Crypto is one tool that we can use to achieve security, primarily over networks or across breaks in your trusted computing domain, but there are many other things you have to do to get security when you're not talking about breaks in your trusted computing domain, or separations in your trusted computing domain rather; you're talking about when what you called your trusted computing domain is compromised. And does anyone not know the concept of a trusted computing domain? Okay, good.
No, I'm gonna back up. How many people in the room really know what a trusted computing domain is? Raise your hands. Yeah, so that's the other way around. Folks, this is serious stuff. Security is not a place that you can just get by like an American and be quiet when you don't know what's going on. Why don't you give a quick explanation?
Okay, so the trusted computing domain is something that goes way back into the annals of military security, and the idea is that you design your system and you pick a certain part of it that you just have to assume is trustworthy and cannot be compromised by an attacker. Then what you try to do is build up your system so that, assuming that indeed your trusted computing domain is safe,
you can derive the safety of the rest of the system. Okay. Traditionally the trusted computing domain was often whole networks, whole, say, buildings. Recently that's moved. Now trusted computing domains are more on the order of your desktop machine, right? If you have a desktop machine, I don't care what variety it is, if it's running Windows, if it's running Linux, if it's running your most favorite secure OS, if somebody else has physical access to that computer, you're pretty much toast, right? If they can remove that computer and put another identical-looking one in its place, with software they have installed on it, then you're toast. Whatever security properties you thought you had are just not there anymore, because you're not touching the computer you thought you were touching.
Okay, so there is a move to even move away from having to have your desktop machine as the trusted computing domain, and move towards things like Pilots that people tend to carry on their belts. It turns out it's possible that if you trust your Pilot you can still do a fair amount of things on a totally untrusted computer sitting in one of those internet cafes, and that's interesting stuff that we know how to do today, but no one does.
But more to the point, if you don't even think about what your trusted computing domain is, you're in even worse shape, because you're trying to solve a problem you haven't stated. Right, if the answer is 42, what's the question? Okay, that'll take about 7 million years of research. Right, so just saying, okay, we'll just throw all the crypto in the world at it: you haven't asked the question yet. You have to say, what is our trust? What do we trust? What happens if that trust is broken, right? So what is a buffer overflow? It's basically a trusted program that turned out to be prone to attack, right? So if you even do this signed binaries thing, root can only run signed binaries, signed binaries can have buffer overruns, right?
Just because they're signed. So there's more to security than just adding crypto, and crypto can solve maybe 20, 30 percent of recent vulnerabilities, but it does nothing for the script-kiddie problems, which for the overwhelming majority of the problems are still buffer overruns.
Ah, and thank you for chastising me. Now apply everything you just said to this evening's conversation. What should we do in that context? Not bother writing lib crypto libraries for Linux and go off and study how to make our PalmPilots critical to booting Linux?
What do you want to happen, right? What is the end result you want? Do you want to have PCs that you can say, as long as this PC is trusted, I'm safe? Do you want to have PCs that, even if they're broken into, you're still safe? What does safe mean? And in general, I think that no two people... well, okay, we've lots of people in the room, so there will be widely divergent opinions, and not just opinions. There'll be widely divergent true answers to this question depending on your needs, right? Some people, they don't... If you ask a random person that's running Windows and you tell them, oh, it's all insecure, people can do this, don't download arbitrary programs from the net and run them, they'll say, "What, they're gonna read my email?" I mean, what do they have on their Windows box that they care about? Obviously to us in security we go, yeah, that's not the point.
I can start answering this, right?
My project's goal is to provide network layer security, such that when two boxes communicate, there is no reason to expose anything that would allow you to truly break into the machines or to know what's being communicated, other than at such-and-such a time a packet of such-and-such a size went between these machines. Okay, that's what my group is doing. What I'm trying to push here is, I'm trying to get it so that my group has the tools at our feet. Part of the problem here I see is, we are, all of us doing crypto in GPL or Linux land or something like this, we're all having to build all of our wheels and roads and stuff like that from scratch, and as has been pointed out, our roads collide, right, and they don't work well. I'm trying to get the various pieces just laying around in Linux space, such that anyone who wants to do a GPG clone, or fix the horrid mail front ends we have now for encrypted mail, doesn't have to go, "Well, let's see now, how do I build a road?" The roads are there. They start using the pieces. I'm trying to get the pieces laying around. You were next.
I... Because they don't trust the people who come in and take the... No. Additional in digital safety for you to make sure that the machine you're sitting at is real machine. Right. As...
Right, so this is under the point that you need to state your threat model. Submission. Sorry, you have to do things like encrypted file systems that not only authenticate you to the machine but authenticate the machine to you, right, and depending on what your threat model is, that second one is more important or less important. Certainly the primary use of cryptography is basically to send secret data over a non-secret channel, right? Fundamentally, that's what cryptography does. It allows you to take two endpoints, both of which are trusted, and send information between them through parts of physical hardware or the air or some other kind of network or data flow which is not trusted.
No, it's the same.
It's the same principle, which is that I want the data that originated with me, and I put on the hard disk, when it comes back to me to be unmodified. Right, so you are the trusted computing, the trusted endpoint, right? You're not computing base anymore, but you are the trusted endpoint. The data flow path goes through your hard drive, and you want to say that if it is the case that my physical hard drive is not part of my trusted computing base, then I need to use some kind of crypto from one endpoint to the other. And you're going to have to have, if you think about it, just do the analysis here. It turns out it's not enough just to have an encrypted file system that you can type a password in, because what if I take your machine and substitute it with another machine that should behave similarly? It'll accept a password when you boot up, but it'll accept any of them. Right, it'll accept any password. It's just a no-op, and it just produces a machine that's behaving similarly. You can't do the crypto in your head, right? This is one of our hardest problems in the security world, the particular problem of authenticating a machine to a user. Right, because you want to use crypto, you want to use digital signatures, but the user can't check the digital signature in their head. So they have to use a machine, and now you have a problem, and this is where the PalmPilot solutions tend to come in, where you can have a smaller machine that all it does is check digital signatures and hashes, and you can be more sure of its security.
But don't go to sleep today. I know, what if you take your PalmPilot?
I'm using the PalmPilot as an example of a portable token. You need... that's right. But that's always the case: you need a trusted computing device of some kind. If you don't have one, at some fundamental level your problem is theoretically unsolvable. That doesn't mean it's practically unsolvable, right?
You can make things hard to break, and certainly just doing an encrypted file system makes it much harder to penetrate the system, but it doesn't make it impossible. It would not get, quite possibly, a military A1 rating, if they still did that sort of thing.
Okay, that's a couple questions. Okay, so you've made a couple of assumptions there that aren't quite warranted. Your point is pretty well taken, but for one, you mentioned root permissions. I'm not talking about, in general, a specific Unix or Linux-like system, right? It could be this is in hardware, for example, right, where you have the hardware authenticating itself by doing a checksum over its BIOS and over its firmware and telling you and proving to you at boot time that its boot sequence has not been altered. And then you can get into the encrypted file system. Right, because I don't care if you have an encrypted file system: if I can mess up your boot sequence and do stuff to your computer before, yeah, in the boot sequence before your secure kernel yet comes up, you're toast, right? So these are the kinds of problems we have, and they're hard.
We have another question. Yeah, right. Okay, crypto's... so right, crypto's necessary but not sufficient, but... Right. Yes. Okay. Well. No, that's good, we can go back.
Oh yeah, there are people talking about that, and I bet you that the poor Microsoft is... you're gonna see a nightmare in USB dongles hanging off the back of their machines, because it used to be you could fit one or two dongles on the back of a machine, maybe three if you had a parallel port dongle doing security things and screwing up your ports. Now you can have 256 on a machine, one for every piece of software some commercial company wants to control. Oh joy. All right.
Yeah, EROS is not finished. EROS is much closer to the right way to do computing than Unix is. I know, because I'm the guy who introduced the guy who wrote EROS to the concepts that back up EROS. So I'm quite familiar with this stuff. The thing is that I'm not going to get... okay, here's a question. How many people in this room tonight are willing to wipe their Linux boxes and put up EROS? Okay, zero, and that's as it should be. Okay, we've got to fix Linux, if for no other reason than Linux is becoming a snowball and it's rolling down the mountain. Okay, and it's gonna get bigger no matter what we do. I've been doing Linux for about three years full-time. Before that I believed that FreeBSD was a better OS. I still believe it is. I also believe that in the next year, if the Linux community works hard, it will be a better OS than FreeBSD. Right, I've got to fix what's gonna get used at the moment. That's Linux. Okay.
Okay, so we need a Linux library that is useful. We need to spec it out some. I don't think that's something that can happen here. What other pieces do people need to get these systems forward? For instance, do we need public key stuff? What else is there? Grab the mic.
For me there are two big things that are missing, but I don't know from where I will fill them. And the first is host authentication. Again, my perspective is mostly biased from SSH-style things, and the big problem with SSH is to authenticate the other host the first time you connect, and it would be great to have some kind of infrastructure where you get the host key from a secure DNS or something like that. Okay.
I don't really know the alternatives.
Secure DNS is somewhat a solved problem at this point in time. BIND 8.2.1 and maybe... Okay. Don't trip down the dark holes out there, especially if your name is Alice. DNS is out and available. Secure DNS is built in to the current BINDs. Are there any SuSE representatives in here that can tell us whether or not they're going to be including BIND 8.2.1 or later in their next release? Okay, but they're out there. The tools aren't all that great, and actually the biggest hole in using BIND at the moment is there's no documentation, even at the how-to level, of how do you secure DNS. You get all the bits and parts and pieces for generating SIGs and KEY records and, you know, putting them in your data and the whole bit, but you don't know how to use the pieces, and when you try to ask the pieces for --help they kind of laugh at you. So there's a task there, which is just someone sitting down figuring out how it works, which probably means a combination of looking at the new stuff that ISC has written and also looking at the crap that TIS wrote, and trying to figure out between the two of those what the right thing is. But there's another whole task that is actually kind of small, kind of manageable, and isn't even directly computer programming, but it's critical to getting this stuff used, which to me is becoming as important as getting it written.
Does anyone have a Roto-Rooter? I think I need it for my throat. No, it's Coke, is Pepsi anymore. There's no difference. Whatever.
So the next question for me, at least on my list, is APIs, in that there's a bunch of different layers that APIs need to be done at for this stuff. There's the low-level stuff. There's some mysterious higher-level stuff. How many people that are actually writing crypto code need RSA and stuff like that? Oh, oh, oh. Okay, I want to see the following. RSA's pissed me off.
All right. One NSA dude joked in the US one day that if he really didn't want me to have a technology, he licensed it to RSA. So one of the things that would be really cool to see is, on September or October, September 20, no, August 20th I think it is, in the year 2000, September 20th, yeah, if Linux had all the RSA code you'd ever want and you never want to use their code or license anything from them again. How many people here need that sort of stuff, RSA, DSM? I know I need DSS. I know I need RSA for our IKE daemons. How many other people need that stuff? Does that go in the same set of light? Does that go in the same library as symmetric algorithms and hashes and stuff? Yes.
Okay, Blowfish, Twofish and the other AES candidates: are these things that people are beginning to use, or would use if they were available? You would say wait and not include them?
No, but including them, I would not recommend using them at this time. I mean, all these candidate algorithms are very, very new, and it's a little bit foolish to trust any of them right away. We have good algorithms right now; their main problem is their limited block size. The main problem with the limited block sizes:
You can only send so much data with the same key. For most protocols that's not an issue at all, so for most protocols the, the block ciphers we've got now... Even if you really care of a block length, go triple mode like triple DES or something like that. 168 bits is fine. Unless you really have to encrypt lots of data with the same key, use triple DES, and let, if speed isn't too much of an issue to you, DESX if you like speed. If you need stream ciphers, we can mumble about RC4, about whether it's actually legal to use or not. Yeah, I mean, as, as you said, license something to RSA and it just becomes impossible to even figure it out, if you're allowed to use it or call it by its name or... Right, as far as anyone can tell it's legal to use RC4 as long as you don't call it that. Really, that's the ridiculous situation we're in. Sure, and some people are calling it ARC4. I, I could see RSA's lawyers taking you to court over that, and they're bigger than you are. Of course, I can see RSE. They're bigger than you are. I've seen their lives. Yeah, I mean, they're all sorts of, we, we have two problems to fight in the US, which is not only do we have the export controls preventing us from getting the software out of the country, we have the patent controls and, and intellectual property preventing us from using it in the country. I don't give a flying hoot about US citizen slave units. If we have to go to the way the dinosaur in the US because we're stupid, fine. Okay, I need the tools built for the people are bright enough to use them. Okay, in the US, if you, if it comes with RSA and RSA won't license me the product to, to use inside Linux, then, you know, RSA is gonna have to hunt down every single person who's breaking their license with those nice big lawyers you just described. That'll keep them plenty fat. All right, I don't care about that.
I care about getting the problem solved, so I can set up a Linux box in free countries like Amsterdam or tango or something like this and run them without worrying about are they gonna get broken into every Tuesday. Okay, when I'm in the USS of a on my laptop I'll have to remember not to call it RC4 and use its alternate name on the command line or something crazy. That's, that's people in the USA's problem until they bitch at their government and fix things. Do you understand the attitude I'm taking? Sure, I'm just skeptical that you ought to put bitching at the government in your critical path. Fine. It's out of my critical path. I won't bother. Let's get some work done. Okay. Hold on, you're two. Um, and maybe my burp was one there. The algorithms need to be in there in my opinion, or at least Twofish, because they use completely different interfaces, in that the size of the bits, the size of the cycles, various things like that, and there's no reason at this point to start embarking on building tools that don't handle the tools of next week. Yeah, they don't deal with the stuff from next year. We don't know what that looks like. But next week we have an idea, if you, you know, leaving, living a weird time scales like I do. A couple of people were up. You were, sir. It's free. I know Bruce. Bruce is a good guy.
He might be a salesman, but he's still a good guy. Okay, and also we have to remember this here is an academic crypto scientist, all right, and nothing is proven secure until it's been broken. Okay, for instance, if you were to follow Ian's advice you would never have implemented DES because it's not proven secure, or it's not broken, right? You know, there, it came out as the standard. Just because the Fed blesses something doesn't mean it's good. Matter of fact, I might look at the five candidates and go, whichever one the Fed doesn't bless, it might be better. So I'm perfectly willing to have any of the AES candidates that have declared themselves publicly available in there. And the public availability is crucial in my opinion. Now I should give you time for rebuttal. Next. Okay. About different algorithm, there was a discussion at IETF a few weeks ago about whether or not IETF should require another algorithm besides triple DES. We think that is... I actually personally don't think any of it's relevant. As far as I'm concerned triple DES is good enough for now. We understand its security well enough to use it. I'm concerned that the tools we build handle the larger data paths of various sorts that AES candidates need. My proposal to IETF was we just put in all the AES candidates that have been clear declared themselves to be publicly available and not licensed, and I think that's like three of them. And that's fine by me. I don't... you see, partially what I'm after here is I'm trying to get a vertical stripe of problem space solved. I want the Linux FreeS/WAN to solve one of every problem from top to bottom, so that there's a path through this maze and you can get the job done, right?
And then, you know, anyone out here who's bored some night can implement, you know, Twofish. You know, might not implement it right, but, you know, that's what the next night is for. Okay, and then you can, you know, send that code out, GPL it, get it added to the library, and then all sudden that vertical stripe becomes a little bit wider. But what's happening now is we can't get a vertical stripe all the way across the, the problem space because there are too many bits and pieces that are missing. So personally I threw out the AES candidates out there for discussion, not because I feel I need them in my team's work. Yeah, the crud like that. That's why I asked if the OpenCA people were here from Italy. They sent me email after I asked them to come to, to whatever this is. So where are we, HIP, CCC? Is it HAL 2001 yet? And I presume they're just gonna arrive here. It's the long drive up through Italy, or the tunnel and collapsed on them, or they all got pushed out a window. Oh. So there are people working on this. They should be here yet this weekend. You know, if you find one of them, send them my way or talk to them yourselves. It is being worked on and we do need that piece. Okay, I'm kind of bored with symmetric crypto. I just use triple-DES all the time. I don't trust symmetric crypto. Yeah, I'm bored with it. I... Yeah, I don't... It's not important, but I don't trust public key crypto. I think they're probably gonna announce the, the final factoring algorithm at Santa Barbara right now and it'll be gone with. But I'm more interested in it. Yeah. Yeah. How do you know they're not? Okay, who's willing to do a one-time pad cipher?
No, no, no, I'm more interested when you mentioned, you mentioned ideas of checking certificates, of rewriting all the little utilities and things. What you're thinking there is a road, because I've never heard you mention that before. I've never read about it on the net or... Oh, well, yeah, but I have to have a public forum where I'm free to speak in, remember. This is that, um, I've been working in IPsec for a long time and what it provides us is, DNSSEC, IPsec, we start having an infrastructure that has crypto keys all over the place and is doing crypto negotiations between separate entities, between separate machines, etc. I see this is allowing us to rewrite the utilities that currently caused so much pain. Ian was saying that, that the script kiddies aren't breaking in because the crypto is bad. They're, they're breaking in because this utility's got a buffer overrun and this utility needs a clear text password and, you know, blah blah blah. All that's got to change. Okay, we've got to get rid of these utilities. I mean, for God's sakes, anyone here who runs a secure Linux box, does inetd do anything? You just get rid of it. No, it doesn't, right? And then you've got it. You know, you got a backfill in SSH, but SSH doesn't actually communicate or share keying information or identity information with IPsec, which doesn't use the same identity information as the password scripts, and, you know, all this stuff is kind of fragmenting. And then if I try to take some poor, you know, secretary and say, well, you need a password, a passphrase, not even word anymore, passphrase for SSH, you need a passphrase for /bin/passwd, you need a passphrase for your IPsec permissions to talk to this machine, you need a passphrase your PGP mailer need, you know, and what happens is people all start using their birth date again, right?
And we're right back where we were in 1987 when the best way to crack things was to throw dict words at it. PAM is confusing the hell to me right now, but is it a step in the right direction towards that? PAM? PAM. P. A. M. PAM. Oh, never mind. I never know. Never mind. Yeah. No, I never use it. I mean, I just, I get, it comes up however Red Hat configures it. Does anyone do anything with it? I haven't figured... I had to turn it off, but I haven't figured out how to turn it on, but you know... It's not a pretty red head Stack up in the around three years Just not I don't know whether they've been updated recently Not But that's the solution for... How many people are familiar tools you just described, the deal with buffer overflows? Not enough. Can you talk about this for a moment? The basic idea of StackGuard, for example, is that it puts, in addition to the return address, if you try to override with buffer overrun, it puts some kind of mark on the stack and there's broken a pilot that makes sure that this mark gets checked. So if you try to track, if you try to track the stack must trash the mark before you try to return address, before you can insert the malicious code, so the mark is missing and kernel or the... finds that out and refuses whatever statement there is. It's not a good solution of the problem. Mr. Academic. Probably a bad description. No. In fact, in the same, in the same conference we saw two solutions to this problem, and it solves some things. Like, it turns out it solves a large class of buffer overruns. By solves, it's a little tricky, because if someone knows you're running it then their issues about, well, couldn't they just arrange to put exactly the right marker in exactly the right place?
So you have to have non-deterministic markers and... Right, in the recent, really, exactly right. So there, their issues involve... it turns out it doesn't at all solve other overrun-related vulnerabilities that don't involve the stack of... You might imagine a few, you have an array in, in a global heap and after that you have a security-sensitive global variable, and that array gets overwritten past the end and you overwrite the variable. It's simple things like this. We're still writing in C. I believe that's a big... Yes. Java's a much better answer than C. There's no question. Oh. You still got the, the stack, but I'm popping you one down, and I guess you're after, you're after him, two, three. Um, does anyone here have experience using the Macintosh meta password system, where it would take a bunch of public keys and you'd have to unlock each one, but then you can lock the whole thing up with a single password when you walked away from your machine for half an hour, and with the single other password you could unlock it and use it? Never mind. I'll need to get this back. Go on. That's it. Okay, two. Well, first of all, about PAM. I like the design goals of PAM, but the API, at least as it looked when I read it a half a year ago, is really, really ugly to support it in a thing like, for, like LSA's, which require massive kludgery. I can expand on that if anybody's interested, but I guess this is not a place. Okay. What I want to say is I have, as... pretty, I think it is a pretty simple kernel hack that I would really, really like someone to do. Oh, thank you for reminding me about that. God, yes. Well, you have one. I have one, but he gets to speak for me.
I guess I'm for well This I also thought when this customer will learn caught, because he uses his own hack GMP bignum library to get control of their allocation of things, so he can try to allocate things in, in a non-swappable store and things like that, and I really don't like that because here there's no way for an application to know which data is sensitive. If I use security program, it's very likely it's not only the keys, but also data is sensitive, so that has to be protected, and it's no real solution to turn off swapping of it all day in the process. And I'm gonna jump in here because you reminded me. That is, when you hit the go to sleep button on your laptop, that's got to propagate to all the applications that need to flush keys before you go to sleep and the guys of the airport take your laptop from you. But one thing I want is I want an encrypted swap. And I think that is pretty easy, because that is, whenever a process is created, you create a random key and then you use that key to encrypt like all writable or all non-shared or something pages when they're swapped to disk, decrypted when they are swapped in, and when the process dies the key should be destroyed. Yes, and that's we configure on a power user or power proof spaces and the variable or something like that. Yeah, it's obviously a good idea to do that and, and mumble performance of go buy faster processor. It turns out the hard problem is exactly what you said about shared pages, shared pages across processes. You don't want to lose the fact that right now you can have one physical page on disk, or page in memory, actually being the backing for two virtual pages. So you need to... you would like to arrange now to start sharing keys, and now it can start getting a little, a little hairy. What's that? Oh,
no, but if, if, say, two processes have a shared memory segment, right, and they're using it to pass critical data back and forth to each other, so that's the kind of thing that on the one hand we could put in pinned memory. But if the solution we're using instead of pinned memory is an encrypted swap, then suddenly both of these processes have to be able to access that encrypted swap page. So, I mean, it's just an engineering issue. You know, the big... Hold on, hold on. No, no, no, stop, stop, we understand this, okay. What you don't understand is that in the old days there were operating systems that if you had 50 copies of, oh, Netscape running on one CPU and something big came into memory, you ended up with 50 copies of the Netscape binary in the swap. Okay, and this was murder on systems, and there's an advantage that Unix has had for a while, which is it writes only one copy to the swap, and in actuality, if it's the binary itself, it doesn't write any, it just marks the pages off of the raw disk that the binary normal lives in as that the pages it needs to swap in. Okay, and what Ian's trying to do is preserve this behavior because it's a big win, especially for, say, incompetent things like X and having 50 xterms out there. Okay, that's where it really begins to win. When the swap process goes right to the disk at this point you get some crippling. But what do you want me to do is have one key to process? No, no, no, do you want one key to process? But I don't see why. If you have, if you have one key just for the life of your computer, because, because your swap file... Sure, but say I put the computer to sleep, you can't forget that key, right? If you forget that key, then you can't swap back in everything when your computer wakes up. Right, and then it's, it's just as bad, because now I can read that computer out of, that thing out of rent. Right. So it turns out it's not quite true either, but... Yeah, and if I'm bright enough I'm gonna have... and I'm a nasty enough bad guy, when I come to steal your computer,
I'm just gonna have a little connectors that pinch through your power cable, feed in the right power, and then I'm gonna cut the, the upstream power. I'm gonna take the whole thing away powered. That's a very different threat model. You were up next, sir. I'm sorry. What was the first letter of each word? Yeah. An API for going to sleep. Right. Okay, so to talk about the first one. It's actually really, really hard to pick good passphrases. Okay, doing the first letter of each word, that's useful for picking a stronger password than most, but if you want to passphrase that's used to protect a cryptographic key, say 128 bits, if your passphrase isn't 128 bits strong, then you've weakened the security of your system. Okay, so, so here's the challenge: get a human to be able to type 128 bits of entropy into a computer. Is Carl here? Carl Ellison? No. Yeah, he's around somewhere. He's here. He's just not in this room. So he once told me that he had, he uses one of those systems, the, the single passphrase, like ssh-add and the ssh-agent stuff, or I think he was describing a similar thing for the Mac, where your, some daemons remembers a bunch of, of private keys and you authenticate yourself to the daemon with a passphrase or something like this. And he just at one point had a computer generate 128 random bits in hex and just memorized it, right? And he memorized that one and... It's not too hard to memorize 128 bits. It's, it takes some work, but if you use it every time you log into your computer you're gonna learn it. Right. Now, that having been said, most people aren't going to do that. It's very interesting to look at how much entropy most passphrases actually get. If you do something like the first letter of each word... Letters, how many letters are there, about five bits? They don't occur equiprobably though. They don't occur equiprobably though.
So you actually only get three, a little more than three bits per character. So if you generate an eight character password that way you have about 25, 26 bits of entropy in there, okay? Now, we all know that 40-bit crypto is a total joke. 26 bits of entropy isn't going to cut it. So we go to longer pass... passphrases, and the hope now is that you don't have to have a passphrase of the form called Mersenist that only makes sense in Welsh, rather you can, you can actually have like long sentences and hope that the length makes up for the redundancy. Okay, the problem is it still has to be really long. English, it turns out, has less than two bits of entropy per character. So if, if, if you're typing an English sentence, it's about 1.2 actually, and you want 128 bits of crypto, of entropy in there, you have to have a 100 character passphrase. Right, that's a really long passphrase, especially if you don't get to see what you're typing and you have to get it right. Right, this is a non-trivial problem. So, okay, so what is the fundamental problem here? The fundamental problem is that your brain is stupid, right? It for some reason can't remember 128 bits of stuff reliably and your fingers can't type them reliably. So what do we do? We attach a smarter brain to ourselves and we use a piece of trusted hardware. You're sure, like right here. So it's a common, it's a very well-known problem. How many people here have a Pilot or a Psion or something like this? Wow, that's a tiny, much, much tinier number than I expected here. Right, okay, how many people here for smart card in their wallet? Okay, it turns out using smart cards has a fundamental flaw in that it doesn't help at all authenticate the computer to you, right?
And if that's part of your threat model, it turns out you can't use smart cards at all reliably, but... Why, to what computer? That's it, right, exactly, and that's the solution. Right, that's exactly the right solution to this problem. Except that in the USS of a you will not be allowed to hold on to that through the magnetometer. Think about it. Yeah, yeah, oh, they're setting things up wonderfully. Anyway. Right, and that is exactly the right solution. You have, you have some kind of trusted hardware, but it has to have some kind of UI, it has to be able to communicate directly to you without going through untrusted, untrusted means. So, right, that, that is the solution we have to move to, that is the solution we have to move to. Sun, or Dallas Semiconductor rather, propose these iButtons as a solution to this. It has the exact same problem as smart cards, obviously, but they're useful in certain situations. We have to get rid of passwords. I mean, that's just it, people are just not good at remembering passwords. We have to have some, we have to have some totally other mechanism. Now remember, there are two major kinds of passwords, and passwords is one that we've been talking about just now, to unlock crypto keys and things like this that are stayed locally. The passphrase is never sent over the network. Right, and there are the other kinds of passwords that are the traditional ones that are sent over the network. Those are pretty obviously bad, right? Anytime you send any kind of replayable token over the network such that anyone who has ever seen the token in the past can use it in the future to impersonate you... Don't build systems like that today. I mean, we have much, much better solutions, and all we needed now is a library so we can use... There's... I... Have you seen the Datakey? This is the absolute coolest hardware token I've seen. It's... The idea is exactly the same as an iButton or a smart card.
It stores your cryptographic keys and stuff, but it's in the shape of a key and you stick it in a keyhole and you turn it. Right, and this is just the so obviously right form factor. Just search for Datakey, that's the name of the, of the product. Think very similar things have been in use in the military, like for STU-IIIs and the predecessors. Encrypting phones and stuff like this had, had the same form factor of physical keys you would put in, in turn. I believe the nCipher, the nCipher products, the nFast boards and stuff like that, the ones that do secret sharing, they use this Datakey. There's a reason that I refer to this as cryptographic hygiene, and unfortunately it's as bad as using a condom. Can we have your comments? Thank you. That's a documentation problem. If you want to see pain, you should see the day I cut off the president's account because he gave his secretary the password. Would you like to say something? I... Random noise in the dated calm channel. Um, oh, someone knew, way in the back, in the red. Well, I never want to see biometrics in our system. That's when we really start screwing up security incorrectly. Yes. Chaos. Okay. I'm gonna strongly jump in here and agree with him, I've, whoever he is, in that one of the things we need to look at when we're doing our new APIs is providing multiple channels for things like this. Another example is I think we need a new channel besides DNS name, IP address, else will think we need a new non-hierarchical name that we can pass around. It's based on the hashing of keys or something crazy. Unknown, you know, completely unknown, but that's the sort of thing I think we want to pay attention to if we're going to start redefining APIs. So yes, it's a perfectly reasonable and valid point. One more and then, and then Peter. I... This is right that this is a crypto summit of how do we solve all of the problems?
We've talked about the library tools that a lot of us need. I felt it was time to talk about that. All these other things need to be discussed as well. All right, chaos was next, I think. More noise than the channel. I noticed, yes. I just, you just shoot the ones that don't learn, that's the Darwinian solution. No, no. Yeah. Yeah, right. Peter. There's no crypto in the hardware all US citizens slave units are... But they must bring it back intact with the virginity still there. Yeah, um, what other crypto related problems are there in Linux that could be solved by having more tools laying around in Linux? One, two, and then whoever else raises their hand. Go. Go read the Linux IPsec list. It's been the topic of discussion during the month. Our other bug has gone nowhere and being fixed. There's a lot of work going in. Oh my, well, everyone, please. Is that the moon? Astronomy break. Let's all look at the gorgeous moon. Cool, okay, um. You just asked... Martin, you just asked... You just asked... Randomness, okay, randomness. Here's the situation there. Theodore Ts'o, who is the /dev/random and /dev/urandom author, is now working on Linux exclusively. He is no longer working on the uneducatable MIT students. He's been hired by VA whatever their name is this week. Well, it's no longer VA Research. It's VA whatever the name is this week. Much like there's hardware corporation Canada, whatever their name is this week. Etc. Etc. Um, there's a lot of talk about how to improve randomness. I expect you'll see a randomness user library extension that uses different sorts of randomness that can be produced by the hardware, because what I'm seeing is that there's some things you want the hardware to do, or some things want the kernel to do, and a bunch of other things you want, but you don't, you might not want them. So put it in a library.
Let the, the target program use it. There needs to be probably a cheap random number solution available for machines. The Pentium 3's, I don't think the first batch of them, but the newer ones, have a hardware number, random number generator in them. Well, and a serial number, but it's a little odd right now. John Gilmore has been trying to get Intel to release the information. Intel, being weird and psycho, has said yes, we'll give you a machine to reverse engineer it, but we won't tell you how it works without a non-disclosure preventing you from writing code to let Linux exploit it. It's, it's absolutely true, they'll give us hardware and let us reverse engineer it, they won't tell us how it works. That having been said, I would much rather approach AMD, say hi, let's design one for you, and these assholes at Intel can go to hell. If they won't do the tools right, let's not give them money to continue screwing up our lives. No, it's not. Okay, so that's the randomness situation. Randomness unfortunately is especially bad in one place, and that's machines without users in front of them, which is exactly the classic machine for what my team is designing for. All right, so a small hardware random number generator project that can be built for 20 bucks would be nice. Gets it from SCSI discs, but not IDE discs, and it turns, it turns out, right, it turns out that it doesn't matter anymore, because RAM is now getting so cheap, now that the US government's out of the business of screwing up RAM prices, that you're not seeing head float or head timing data and even SCSI disk information anymore because it's all been cached and it's gone. Well, you know, I... Yeah, the problem is it's externally influenceable and, you know, what's the flow nice? Whoa, not only nice, but bright. Influenceable but not controllable, and I'll let you have that debate with the other show. Yes, I will repeat the statement: randomness is getting better. It would be nice to have a cheap hardware solution. Let me restate this.
Let me rephrase that in a way that's a little more evident: product opportunity. Okay, product opportunity. No, I mean, I could sell each one of those. I mean, I buy ten of them for my research boxes alone if they cost under a hundred bucks. Right, okay, and it's as long as they didn't radiate the CPU into uselessness. After, after other people in the field looked at it and said whether it was good or not. That's called a reputation. This is, this is a theological, this is a theological debate for later. It's, it's a known problem that the randomness that we've got digitally created is not great, but it's getting a little better and we're beginning to get manufacturers putting this stuff in the chips. Intel is now talking about putting random number generator in every ether chip. Okay, for... Perfectly random or provably... Even if you're... Just pick a random 128 bit value and then just output child of that was one child Everyone could actually get any useful data out of the relationships of their, that would be a very interesting result of itself. As they say in science, that would be very interesting. They have to provide randomness without users sitting at the keyboards. We're concerned about it. We're adding the timing information of some more interrupts. But there's only so much you can do, and at some point you come to the conclusion that, look, if someone can break SHA, so that I just like to know that. If they can break SHA, they've got bigger fish to fry also, most likely. Let's, let's push forward on this because I got a date in a few minutes. May I repeat the, may I repeat something that we're all going to learn about more? Reputation systems. Okay, don't buy Israeli cell phones. They tend to blow up.
Okay, that's a reputation But it's very famous example Um, I want to ask because I know there's at least two What do they call Linux distribution groups in here What do we has software developers need to do to get this stuff in the goddamn distributions from free countries Send it Ah Are you a do you know if you'll be including GPG in the next rev? Lsh, you know, I you know all the fifty-three working Okay. Well, unfortunately, I've got a great working implementation for two O kernels Yeah, the bug unfortunately seems to be to to That's called to five or six, okay Well, that that that's what we pay them for They might not do in time for what you want or what I want, but yeah, I understand what you're saying Okay So let me ask the chaos people. Do I need to send you a copy of the source code? also, I Can't because I'm an American but I can you know someone here could You're gonna get a lot of copies of the source code. I am afraid now No No, I take the oops. There's no longer any amendments left Yeah, let me ask this folks Okay, let me ask this is really serious. I don't know about you folks. I've been doing this a long time I Stated publicly not that many people listened that 2.2 would probably be useless until 2 to 10 I think I hit that pretty much on the mark Unfortunately, it looks like the networking might be useless a little longer How many people here in? serious fielded applications like Customer sites where the customer is actually making money, you know real business Solutions are using 2 to 10 rather than 2037 2345 put your hands down. How many people are using 2036? Three times as many How many of you are using the SMP support in that? Okay, okay, so I said oh one your board just fried. Oh goody What did you did did some water get in the mineral oil in the cooler? Yeah, okay, yeah that happens all the time You know all of my systems that matter are 2036 at this point, not even 2037 There's there's no need to upgrade at this point. 
I mean, yeah, it'd be nice, but they, they, there's so little that they actually talk on the net besides Pluto and DNS. Come to me. No, I can't tell you how capabilities work, never mind. Go to somebody who knows something about EROS or KeyKOS and then you can find out how capabilities work. It's not the way Linux is implemented them so far. Okay. Yeah, we're using to... We're gonna have to change the name of what we've called capabilities for 20 years because the Linux capabilities just aren't the same. They're not solving the same set of problems. That's all there is to... What flags? File flags. Oh, the immutables bullshit. Oh, come on, folks. Don't, don't, don't put up with things that stupid. That is the most useless bit I've ever seen on a machine with access to the raw drive in any way, shape or form. I'm serious. That's embarrassing. What? Great, so now you've got to bring in three new systems online to get one bit that I still am pretty certain I can get around in my sleep, you know, not that I've tried. I mean, the immutable bit looks nice until you look at how the file system works and, you know, how the disk access works and stuff like that. You know, it's, it's another... It's another domino.
Yeah, it's one more domino, but it falls with all the others. Yeah, exactly, and you better put them on CD-ROM in such a way that somebody can't wipe them out. Whiting them out is, yes. Yes, exactly, don't leave it in the writer. I, I've been doing something called secure a stiff Linux or stiff Unix for years. I've done right only systems for over a decade now and it works really well, but only on SCSI disks where there actually is a write protect. Yeah, um, actually, to tell you the truth, systems that I consider to be secure don't have users. That's the first... Okay. This could go on forever, we've been at this for nearly two hours. Yeah, yeah, the cypherpunks are about to attack your ears with techno gunk. Which we have no idea... I, what I'd like to do is I'd like to invite... Let's not create a new list, because we've already got listitis up the ass or something here. I'm gonna invite everyone who's interested to come to the Linux IPsec list. It's linux hyphen ipsec at clinet, C-L-I net.fi. It's a Majordomo run off of clinet. We have to move our list homing sometimes soon because clinet's falling apart on us, but that's a separate story. In any case, what we, what I think we need to do is, or you need to do, because I can't do any of this shit, is we need a low-level... we need a low-level and a medium level, I think I'll call it, crypto library with all the tools in it. I think from what I heard you've got a few pieces, Caches a few pieces, you've got a few pieces. We need to pour all these pieces into one place, make certain we've got the GPL stamp on them. I'd be happy with the Berkeley stamp, but the GPL stamp will do. And somebody who thinks they're skilled at APIs needs to do some work with these to kind of unify them. Is there any sucker who thinks that they've got that sort of time? I know it's fleeting, a subtle illusion, but we're about to do the musical warp again. We have a sucker.
Yay, everyone. Okay, I'll corner you. I says, I know where you're sleeping. Um, gill nets or drag nets, which do you prefer? Gill nets or drag nets, it's fishing terms, never mind. All right, so that problem is put asleep. Oh, oh, oh, oh, okay, I want everyone to help me on something. Okay, Linus Torvalds is a great guy, but he doesn't know what he's talking about. Something we critically need in Linux is core dumps, okay, or more specifically crash dumps. Okay, because right now my guys are getting systems that are turning belly up, and his little childish quote of, well, anyone who can't figure out what's wrong from just looking at it crash doesn't, isn't good enough to program Linux, doesn't cut it when you're doing forensic science on something that's dead and gone. Okay, so you know what I'd like everyone to do? I'd like everyone to bug Dave Miller for this, because he knows how to do it and it has to be done. Because if we don't get something like that, we won't know what's gone wrong. And this is a classic thing from computer science that was in and every Unix up to Linux, and Linux is suffering for it now. Oh, what's this other argument? This other arguments are that if your kernel has just, like, put bad values on its stack and jumped into the middle of random process space, do you really want it writing to your hard drive? 
It's sitting there in fucking memory when you reboot. There's a, the reason the Suns are so abysmally slow when they come up in the goddamn PROM monitor is the PROM monitor is running out, literally, of ROM, because it's desperately trying not to twiddle any of the bits in RAM. Right, those bits are the last image, right, and if, if it looks like it's a crash, you write it out to memory and then you blow the memory away. You might have to accept the fact that the PC BIOS during boot has pissed over various parts of the system. But you know, if you've got a PC BIOS you're fucked anyway. Go get an open BIOS based machine. But the tools need to be there, because even if you were to write it out as the kernel's dying, okay, you would have more data than you've got now. What you've got now is the ghost of a corpse, and it's really hard to apply a knife to look into the ghost of a corpse. One, two, go. Yes, and it usually writes it to the back of the swap for a reason. Yes. Yes. It gets stored to the swap when the next kernel boots and notices a mess left. No. Okay, hold it, folks, let's try something out. When it crashes it ain't doing anything useful. It ain't storing itself nowhere, because it's crashed. Okay, on, on all my SunOS boxes, because I was a bigot and I only used computers until three years ago when I got shoved into doing Linux on PCs, on my SunOS boxes there's a phase during boot... We're, oh, yes. There's some point during the reboot when you've got a valid kernel, when you save away the, the swap garbage and put it in a file and go, this might be a useful forensic tool. Maybe, if you're lucky. If you're lucky. Okay, all I want is everything I've ever had before. Yeah. Yeah, so what are we arguing about here? I'm lost. Okay. Are we arguing about... I'm not, none. I'm not, I'm not buying this. The statement was, Linus's only argument is not "you're too stupid to debug a kernel if you can't tell it from the oops trace", right? 
There are valid reasons why you might not want... and I'm gonna disagree with the valid reasons, because I've been doing Unix since 1981, and to my knowledge, believe me, I've had plenty of piles of garbage left over from power hits and stuff like this, I have never seen a system that, any panic, writing kernel images out to memory, stuff, etc., has trashed the disk. I've never seen it. Okay, I, I was not perfectly accurate and I believe I can go show you machines doing this. Let's not worry about it. We all want crash dumps. I don't know, I've never met the man. I've been doing this for years and I still never met him, and he's supposed to live down the hill from me. It's never happened. Okay, so I've never actually heard his arguments, other than I was told that... It's the broken problem. The problem I quoted you, whatever. Yeah, yeah, you know, I've got plenty of 300 meg drives which will barely hold my memory images these days. Okay. What? Yeah, I crashed it. I don't care. I don't care. But crash dumps are important in my opinion, and I'd like people to make, make us think about this. Especially if, you know, obviously we agree that somehow they need to happen. Is there anything else that people see needs to be done? It is 1700, they're gonna turn up the music. It's late at night. We have one more guy. Yeah. AFS, something from AFS. What? PAGs. No, I'm more clueless. That's a fundamental hard problem. 
So here, the distinction is that under UNIX normally you have a number of different compartments for security: you have UID one, UID two, UID three, so on up to UID six five five three four, and then UID zero is the union of all those and a little more. What would be nice is if me, as UID two five nine three, I could start subprocesses which have fewer permissions than I do, right, and more to the point, different subprocesses that have almost mutually exclusive permissions so that they can't talk to each other, right? So... That's hard. It means, yeah, yeah, I, at this late date in our time frame, since we're now outside of our time frame, I'm gonna declare this not a crypto problem but a security problem. Because I got the bigger mic. I think there's a bunch of issues here that we didn't cover, things like we probably need some sort of insane mechanism for asking the system for some non-pageable memory that also, you know, doesn't go out to, you know, for putting keys in and other stuff like that. There's other work to do here. I'm hoping that this is a conversation that gets started here, and as far as I'm concerned there ought to be a Linux crypto summit at every Linux meeting in the free world outside of the USS of A from here on out, so that people can discuss these matters and figure out what needs to be done, build tools, and we'll see which ones survive the weird winnowing process of the Linux community. I'm gonna thank people for coming and declare this over, so, before the music attacks us from that side