Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Bug Programming Security

OpenSSL To Undergo Security Audit, Gets Cash For 2 Developers 132

Trailrunner7 (1100399) writes "Scarcely a month after announcing the formation of a group designed to help fund open source projects, the Core Infrastructure Initiative has decided to provide the OpenSSL Project with enough money to hire two full-time developers and also will fund an audit of OpenSSL by the Open Crypto Audit Project. The CII is backed by a who's who of tech companies, including Google, Microsoft, IBM, the Linux Foundation, Facebook and Amazon, and the group added a number of new members this week, as well. Adobe, Bloomberg, HP Huawei and Salesforce.com have joined the CII and will provide financial backing. Now, the OCAP team, which includes Johns Hopkins professor and cryptographer Matthew Green, will have the money to fund an audit of OpenSSL, as well. OpenSSL took a major hit earlier this year with the revelation of the Heartbleed vulnerability, which sent the Internet into a panic, as the software runs on more than 60 percent of SSL-protected sites."
This discussion has been archived. No new comments can be posted.

OpenSSL To Undergo Security Audit, Gets Cash For 2 Developers

Comments Filter:
  • Why bother? (Score:5, Insightful)

    by Anonymous Coward on Thursday May 29, 2014 @10:37AM (#47119931)

    The whole security model is broken. How many CAs does your browser come with these days? Do you even know? How do you know they haven't already turned over their CA signing keys to 7 different governments?

    There's no way to "fix" openssl. The entire thing is predicated on a false premise.

    • by Anonymous Coward

      Blockchain certificate authority might fix that

      http://www.theregister.co.uk/2013/11/03/crypto_boffins_propose_getting_rid_of_cas/

      • Yeah I like to download 10 GB of binary before I can visit webpages. Especially on my smartphone.

        • The system described in the article that AC's comment cites [theregister.co.uk] sounds like Namecoin. Like a full Bitcoin client, a full Namecoin client would be impractical on a mobile phone. But like Bitcoin with online wallets, Namecoin would allow third parties to run resolvers. So ideally, you could point your mobile browser to a resolver running on the VPS of someone you trust.
          • Re: (Score:3, Informative)

            by NotInHere ( 3654617 )

            Already now I have the trusted third party option. Moxie has started a service offering this: http://convergence.io/ [convergence.io]

          • Yea, running your PKI infrastructure on a VPS is always the way to go, makes total sense since you're not trusting other third parties to verify things that you would trust a third party to provide you with a virtual instance to run it on ...

            Do you even understand how a VPS or VM work?

            • A virtual machine runs a PC operating system of the customer's choice in a sandbox, and the server provides services from inside that sandbox through an Internet connection. Are there documented cases of VPS operators injecting malware into such a sandbox?
              • by Anonymous Coward

                Are there documented cases of VPS operators injecting malware into such a sandbox?

                There are indeed examples of both "break out" and "break in" attacks for various types of hypervisors, although very little evidence of anyone exploiting them. Then again, there was very little evidence of the stuff the NSA & GCHQ have been doing, so I won't assume they're not being actively exploited by someone.

    • Re:Why bother? (Score:5, Insightful)

      by Imagix ( 695350 ) on Thursday May 29, 2014 @11:14AM (#47120289)
      Yet again, another person who can't distinguish between the technology and a particular application of that technology. What you're complaining about has nothing to do with the implementation of OpenSSL (which is what this article is about), but has to do with the application of OpenSSL. OpenSSL is doing it's job by verifying the presented certificates against the list of trusted certificate authorities that you have configured. The fact that you're trusting too many people isn't a problem with OpenSSL. (It is also not OpenSSL's concern as to how you obtained your list of trusted CAs, only that you have one.)
      • by Anonymous Coward

        Yet again, another person who can't distinguish between the technology and a particular application of that technolog........

        Typical engineer bullshit. We always hear how the users are to blame. Sorry; the people who design the interface which enforces this single CA stupidity are to blame for the fundamental security failures of SSL. Long before SSL was released in 1995, PGP had been released (1991!!!) with a public key based web of trust. SSL deliberately chose to ignore that. If we had been able to insist on multiple CAs per site or prioritize CAs and put more trust towards ones that were worthy and independent of governm

        • by g4sy ( 694060 )
          You're right. Nice post, you sent me on a dig around ddg. Would this be a work around? It's a browser plugin that uses GPG web of trust to check certificates peer to peer. I don't know if this plugin actually works, but I think the idea is brilliant!

          Monkey Sphere [mozilla.org]
    • by Anonymous Coward

      The whole security model is broken. How many CAs does your browser come with these days? Do you even know? How do you know they haven't already turned over their CA signing keys to 7 different governments?

      There's no way to "fix" openssl. The entire thing is predicated on a false premise.

      Your extreme cynicism may lead to dementia.

    • by jrumney ( 197329 )

      How many CAs does your browser come with these days?

      Browsers have come with far too many CAs installed for many years now. [slashdot.org]

    • by Jawnn ( 445279 )

      The whole security model is broken. How many CAs does your browser come with these days? Do you even know? How do you know they haven't already turned over their CA signing keys to 7 different governments?

      There's no way to "fix" openssl. The entire thing is predicated on a false premise.

      OK, Moxie. We get the message. You aren't fooling anyone with the AC post, dude.

    • The whole security model is broken. How many CAs does your browser come with these days? Do you even know? How do you know they haven't already turned over their CA signing keys to 7 different governments?

      There's no way to "fix" openssl. The entire thing is predicated on a false premise.

      Nothing in OpenSSL forces you to trust any CA's you don't want to trust. Heck you don't even have to use certificates at all (TLS-PSK, TLS-SRP)

      I think it is a mistake to confuse deployment failures with implementation failures with specification failure.. while there are often linkages between these things it is hard to accept that proliferation of hundreds of CA's all with overlapping global scope is anything but a deployment failure.

      • I'd say the horrendous state of ssl certiciate security has aspects in all three categories.

        Specification failure: Certificates can only be signed by a single CA, no mechanism for multiple signatures on a cert to give a greater assurance level. No mechanism to limit a CA to a subset of the dns heirachy.
        Implementation failure: Major implementations include an insane default CA list*, poor handling of certificates of different trust levels (clever use of redirects can allow interception of form data for an EV

    • by Anonymous Coward

      LibreSSL isn't close enough to an American-agenda (NSA). America needs to pursue insecure OpenSSL to find new levels of incompetence.

  • Looks like a committee of tech companies is going to fund a security audit and further development of OpenSSL.

    .
    This can only be a good thing, right?

    • Comment removed based on user account deletion
      • Let's just bear in mind the old saying, "A camel is a horse designed by committee."

        Which would you rather have in a desert? That comittee must have been pretty good.

        • by arth1 ( 260657 )

          They also handle snow and winter a lot better. Bactrian camels can easily survive several days long snowstorms outdoors - conditions that would kill the sturdiest horses.

          But back on topic, what's worse if the animal is designed by marketing. Then you end up with a duckbilled platypus. It may be feature rich, but it can't do the job of a horse (or camel).

  • The issue that I find, is that OpenSSL is the only Open Source Player out there.
    Much like File Systems, we really should have at least a few popular choices, which are interchangeable. So if there is a security problem with one we can switch to an other one.

    • by atomic-penguin ( 100835 ) <wolfe21.marshall@edu> on Thursday May 29, 2014 @10:56AM (#47120123) Homepage Journal

      The issue that I find, is that OpenSSL is the only Open Source Player out there.

      But It is not the only SSL/TLS game in town. There is also GnuTLS and Network Security Services (NSS).

      • In Ubuntu or Debain... Can you Apt-get Apache to use these instead?

        Actually that is a serious question. I never saw those as an option.

        • I don't have an Ubuntu/Debian box at my disposal at the moment.

          You could try

          apt-cache search mod_nss

          or

          apt_cache search mod_gnutls

          though. It would probably be named some variant of that.

    • by monkeyhybrid ( 1677192 ) on Thursday May 29, 2014 @11:10AM (#47120249)

      There are alternatives, although I can't comment on how they compare with OpenSSL.

      GnuTLS [gnutls.org] (LGPLv2.1)

      Mozilla Network Security Services [mozilla.org] (Mozilla Public License)

      PolarSSL [polarssl.org] (GPL2 and proprietary).

      MatrixSSL (GPL and proprietary [matrixssl.org]

    • FYI: LibreSSL is a fork of OpenSSL that started over a month ago.
      http://www.libressl.org/ [libressl.org] [libressl.org]

      • Be careful with libressl though, the developers have been stripping out what they see as the wrong approach to portability and currently only support openbsd. There have been third party ports to other operating systems but great care is needed when making such ports as assumptions that hold on openbsd but not on other platforms may go unnoticed.

        A badly done port of libressl could easilly end up significantly worse than openssl.

    • The issue that I find, is that OpenSSL is the only Open Source Player out there.
      Much like File Systems, we really should have at least a few popular choices, which are interchangeable. So if there is a security problem with one we can switch to an other one.

      Several SSL implementations support the OpenSSL API including GnuTLS (open source)

      NSS is also open source with shims available to help those porting from OpenSSL.

      Having never used them I can't vouch for how useful they are in the real world... assume out of total ignorance they are worthless for anything but the basic SSL_* operations.

    • The OpenBSD folks forked OpenSSL into LibreSSL. In addition to checking security, they are doing general code cleanup, removing unnecessary/dead code. They did a talk recently about what they've accomplished: https://www.youtube.com/watch?... [youtube.com]

      IMO [as a programmer of 40+ years (30+ with C)], the programming style of the code is horrible. One of the functions that produced heartbleed is called dtls1_process_heartbeat. For starters, it has one of the worst indenting schemes I've seen and seems to violate m

  • by just_another_sean ( 919159 ) on Thursday May 29, 2014 @10:46AM (#47120021) Journal

    While I applaud the efforts and support I do hope that the work of others [opensslrampage.org] will not be ignored. The audit is great news, but I do hope the existing and new developers will look to LibreSSL for code updates, ideas and their own audit results. If we can get a nice bidirectional and completely cooperative flow between the two projects than hopefully the final result will be a highly secured, audited product that we can all use.

    • The problem with OpenSSL Rampage is that a major part of their approach is basically to rip everything out of OpenSSL that isn't relevant to OpenBSD, which is generally the code relevant to platforms OpenSSL supports but OpenBSD doesn't.

      • At first glance I agree and that is essentially what they are doing. But I do believe (can't find a link to back me up but can swear I read it somewhere) that the idea is to make LibreSSL as secure and robust as possible for OpenBSD and then start porting it to other systems, with the exceptions of course being Windows 3.1, VMS, etc. This makes sense to me; start with a known good reference implementation that uses as much of the old code as possible, just heavily cleaned up and then move on to porting (rep

        • And even if Theo and crew don't port it themselves I would pretty much bank on the fact that, say, someone at Debian will take the BSD code and port it to Linux - it's not as if OpenBSD will have a problem with this.

          The problem with crypto is it's really easy to end up with something that works but isn't secure.

          Libressl and openssl take different approaches. Openssl's appoach is to rely on the OS as little as possible. Libressl is targetted at openbsd and relies heavilly on library features provided by openbsd.

          http://insanecoding.blogspot.n... [blogspot.no]
          http://insanecoding.blogspot.n... [blogspot.no]

          If and when there is a linux port of libressl that is blessed by the libressl team then it might be worth considering but a bad port of libressl

          • Agreed, it doesn't take much to fuck up security in an effort to make it easier. The road to hell and all that. I still cringe a little every time I have to install openssh-blacklist on Debian but in the end I think it's helpful that they are identifying the pieces that rely on specific OS and/or hardware support. By isolating these pieces for BSD they only make it easier to identify the missing bits in other OS's. Do we really need OpenSSL support for Windows 3.1? VMS? Start with the most obvious needs (Mo

      • So YOU'RE the guy --who is running Big-Endian AMD64 !! (*cvs [openbsd.org])

        Most of what they are ripping out is archaic, un-realistic, or poor implementations platforms. You could argue that hacked-support for too many platforms is part of the reason openssl is in the position its in today - if you can't do it right (or don't have the resources to), don't do it. Name a platform other than VMS, they've ripped out and that you need : )
      • In another comment, I posted a link to the talk that the libreSSL people gave on what they're doing. It's not really true that what they come up with won't run on other platforms. They're just removing a ton of "#if defined(OPENVMS) && (! defined(WIN32))" in favor of assuming a POSIX compliant libc. Even WinX now has that.

        They're taking the "shim" approach. For example, they have two BSD-only functions: explicit_bzero [will _not_ be optimized away by the compiler--just calls bzero] and arrayall

  • by rbrander ( 73222 ) on Thursday May 29, 2014 @10:48AM (#47120029) Homepage

    The comments from the folks who started LibreSSL at a meeting of the Calgary Unix Users Group the other night were beyond scathing. Bob Beck's first slide shows Laura Dern in Jurassic Park, up to her elbows in stegasaurus dung, as a metaphor for what the first skim of the code felt like. It's a hopelessly overpatched mess of spaghetti code and #IFNDEF mazes that nobody can really maintain. Their fork has already tossed out tens of thousands of lines of code and started again. (Another slide shows the line from Aliens: "Nuke it from orbit. It's the only way to be sure").

    If not a from-scratch rewrite, think of a home reno where you have to strip it to the frame and put up new drywalls.
    And this situation was allowed to grow by the current bunch that manage OpenSSL; they're only doing this at all because one of the hundreds of time-bombs in the code finally went off, and anybody who's looked it knows how many hundreds more there are. For shame.

    There's a link to the slides from the libressl.org site, which is very minimal, as they say "We're too busy deleting code to make web pages".

    It was just a very sobering presentation. To think we let so much depend on a pile of cruft.

    • by sconeu ( 64226 )

      I recently had reason to look at the hashing code. It's all written in f**ing macros.

    • I saw those slides. There were 17 levels of #ifdefs [openbsd.org] in the code. Every ifdef is a binary switch, which means 2^17 different iterations of source code.(!!!!!) That's 131072 different compiles (!!!!!!).

      So, lets pretend that a config/make sequence just needs 10 minutes (unlikely, they have an oddball config script that isn't like autoconf). To hit 17 levels of ifdef, you'd need approx 910 computer-days just to do all the compiles. Do you think they tested this matrix?

      I hate to beat up on a bunch of people

      • I saw those slides. There were 17 levels of #ifdefs in the code.

        Wouldn't surprise me if people commenting on hyperbole have never actually seen the source code to OpenSSL or any other open source library. They are all universally littered with ifdefs and compatibility layers from the dawn of civilization with entire suites of meta-programs (e.g. autotools) devoted to making it all work.

        When managed properly these things are a non-issue.

        • I have an answer to anyone who comes later to look at the code and says, "WTF??" - "Historical reasons!" This covers the seven different hacks that resulted from the hardware changing, the requirements being uprooted and new ones being grafted on, bad design decisions, and 14 years of mods to handle various idiosyncracies of different machines and OS that the dang code had to run on in those 14 years.

    • by Anonymous Coward

      Their fork has already tossed out tens of thousands of lines of code and started again.

      Well yes, if you only target a single platform, that sure makes it easier.

  • Comment removed (Score:5, Insightful)

    by account_deleted ( 4530225 ) on Thursday May 29, 2014 @10:48AM (#47120035)
    Comment removed based on user account deletion
    • by Himmy32 ( 650060 )
      If someone's willing to give the money to make it better, I won't complain. Good options are better than no options. I wish the best of luck to both teams.
    • by colfer ( 619105 ) on Thursday May 29, 2014 @11:23AM (#47120387)

      The big companies probably want more control over the project than LibreSSL will allow them. They've been burned once by relying on old-style Unix community dev. But it's also entirely their own fault for not funding and auditing the open source code they were building their billions on.

      Seems to me LibreSSL is the way to go, but I can also see why the corporations would just use it as a side-stream for hints on what to fix. They have enough resources to rewrite openSSL from the inside rather than the the LibreSSL tear-down approach. Having both projects is really a benefit for LibreSSL as longs as it gets sufficient interest and resources.

      • seems to me it was old fashioned corporate greed and rubberstamping that burned them. openssl foundation just doing FIPS consulting gigs for $1M /year

      • by RR ( 64484 )

        Seems to me LibreSSL is the way to go, but I can also see why the corporations would just use it as a side-stream for hints on what to fix. They have enough resources to rewrite openSSL from the inside rather than the the LibreSSL tear-down approach.

        I don't think companies really "have enough resources" to rewrite OpenSSL. The problem is that you can't just throw money at a project and have stuff happen. You need people to implement those changes. And we're still in the clutches of the software crisis. [wikipedia.org]

        The problem with OpenSSL is that it is really, really bad code. [youtube.com] It's security code, which few people have the expertise to handle. It has an idiosyncratic style, which few people want to look at, it's so painful. And it is so littered with backwards comp [opensslrampage.org]

        • I like the idea of the "improve" strategy for OpenSSL, in addition to LibreSSL. This is the advantage of open source. I expect that each project will benefit from the perspective of the other, and as OSS projects they will hopefully cooperate to assure that the libraries interoperate. In the long run, it's not unlikely that the two will re-merge. The OpenBSD folks seem less inclined to that historically, but there are a number of projects where that has occurred - Compiz and Beryl come to mind. So thes

    • Yeah, been reading OpenSSL Valhalla Rampage [opensslrampage.org]
        Once it is released in Linux, I'm definitely switching.

    • seriously pumping openssl full of cash at this point is like buying new deck chairs for the titanic.

      It is great to see interest in improving OpenSSL yet bug fixes and deletion of compatibility layers in my opinion is in much the same category as purchase of new deck chairs.

      If "we" were serious we would re-architect it from scratch to be secure by design... endeavor in which nobody is currently publically known to be engaged. I hope one or both of the teams seriously considers it. I also hope "dino dung" bravado is replaced with realization everyone is on the same side.

  • LibreSSL For Me (Score:3, Insightful)

    by Anonymous Coward on Thursday May 29, 2014 @10:48AM (#47120047)

    Two developers added to an already crummy project? Ha! I'll send my money to the OpenBSD project, instead. OpenSSH and pf are just two examples of how they got the job done when outside projects fail to deliver. They'll do the same with LibreSSL, and in a year most everybody will have switched.

    Send the OpenBSD project some money: http://www.openbsdfoundation.org/

  • by Anonymous Coward

    Two developers for a core piece of software used by nearly the entire network industry. Hooray!! (slow sarcastic clap)

    That's chump change for the big organizations involved. That's less than chump change. It wouldn't even catch the eye of brain dead bottom line accountant. It's probably tax deductible too.

    Something needs to change.

    • Sure it is used by a lot of people... However it doesn't mean that you need a million eyes looking at it. OpenSSL while necessary, isn't a big program.

      Almost every Unix/Linux command line user uses the cat command. How many people do you think you will need to review that?

      • Sure it is used by a lot of people... However it doesn't mean that you need a million eyes looking at it. OpenSSL while necessary, isn't a big program.

        Almost every Unix/Linux command line user uses the cat command. How many people do you think you will need to review that?

        You have no idea what you are talking about.

        Makes me think if you have browsed the source code of any UNIX program?

    • by genx76 ( 3622475 )

      It's probably tax deductible too.

      Supposing they did not escape all taxes yet.

      • by Anonymous Coward

        Supposing they did not escape all taxes yet.

        Take off your tinfoil hat. Stop spreading the myth that these companies don't pay taxes. If they didn't, the IRS would be all over them.

        • by Anonymous Coward

          Take off your tinfoil hat. Stop spreading the myth that these companies don't pay taxes. If they didn't, the IRS would be all over them.

          The point of comments like that is not that these companies don't pay all taxes required by law, but that current tax laws & tax treaties with foreign jurisdictions allow you to create corporate structures like the double Irish Dutch sandwich [wikipedia.org] which effectively pay no tax at all.

    • It's probably tax deductible too.

      No, the OpenSSL foundation is a for-profit consultancy whose primary business purpose is US government FIPS support contracts.

  • Given the fact that projects like this have a tendency to shut down in the middle of security audits, it must be curtains for OpenSSL. Just look at what happened to TrueCrypt!

    .
    .
    .
    pst, it's a joke
    .
    .
    .

    • It would be nice, however, if Slashdot had picked up in the biggest piece of Tech news in the last several months and actually reported TrueCrypt's demise.

  • by EmperorOfCanada ( 1332175 ) on Thursday May 29, 2014 @11:08AM (#47120229)
    Why give these guys money? Start afresh like the BSD guys are doing. I suspect they don't want to lose their juicy consulting gigs.
  • by Anonymous Coward

    Question: Why spend money and resources on OpenSSL when you can spend it on LibreSSL?

    Question: Is OpenSSL currently useful for intelligence agencies?

    Question: Can the same be said for LibreSSL when it is done?

  • by iggymanz ( 596061 ) on Thursday May 29, 2014 @11:17AM (#47120319)

    the fact that these companies haven't even addresses the other MASSIVE flaw with openssl (which the OpenBSD team has dealt with already) shows they have no grasp of the issues

    • by Anonymous Coward

      Support for RSA and ECC accelerators? They dealt with that. Gone.
      Support for symmetric crypto accelerators? They dealt with that. Gone.
      Vectorized C and ASM cipher implementations? They dealt with that. Gone.
      Portability to *anything* not OpenBSD? They dealt with that, too.

      LibreSSL - "how to turn a crusty SSL library into a academic toy"

      • by Anonymous Coward

        The accelerators are still there. They just use OpenBSD's unified /dev/crypto interface. In fact, for years OpenBSD's OpenSSL was the only one that did HW acceleration out-of-the-box and with no configuration except a single sysctl.conf option.

      • nonsense, it was the openssl code that had crufty incorrect methodology for being "portable", #ifdef hell and a contrived c dialect.

        The openbsd team's changes are making the code easily portable just as openssh and their other major projects are, and after building the openbsd version they'll then focus on the portable version

  • I hope they don't shut the project down... abruptly and without warning...

    • by cpghost ( 719344 )

      I hope they don't shut the project down... abruptly and without warning...

      You mean with warning... not to use OpenSSL, but rely on Microsoft's NSA-infested crypto-libraries like TrueCrypt did with its BitLocker recommendation?

  • Whoever is hired to fix OpenSSL will instantly receive an NSL to STFU and put in an NSA backdoor.
  • So don't bring in cryptographers. Heartbleed was a bonehead entry level programming error based on some arguably foolish decision about performance improvements. Read the code cleanup comments at libressl.org.

"Our vision is to speed up time, eventually eliminating it." -- Alex Schure

Working...