From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id 8HaXGuspu2KEowAAbAwnHQ (envelope-from ) for ; Tue, 28 Jun 2022 18:18:51 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id OKh4Guspu2IwmgAAauVa8A (envelope-from ) for ; Tue, 28 Jun 2022 18:18:51 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 2C29B1D743 for ; Tue, 28 Jun 2022 18:18:51 +0200 (CEST) Received: from localhost ([::1]:39586 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o6DvO-0004CU-8x for larch@yhetil.org; Tue, 28 Jun 2022 12:18:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:39730) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o6DvA-00048d-15 for guix-devel@gnu.org; Tue, 28 Jun 2022 12:18:36 -0400 Received: from mail-ot1-x330.google.com ([2607:f8b0:4864:20::330]:42939) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1o6Dv8-0007Fj-En for guix-devel@gnu.org; Tue, 28 Jun 2022 12:18:35 -0400 Received: by mail-ot1-x330.google.com with SMTP id q18-20020a9d7c92000000b00616b27cda7cso8483165otn.9 for ; Tue, 28 Jun 2022 09:18:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=q2eoqHbBQgQE3g0X8l5+6eEPfbiK6K/d9/uvXfbvv6Y=; b=T5kepFYmkHhajOkX8NcsG9gQey9bA0VT5rwabMhTouyjk7TC1SRe48PtDs0g4RR10s Q8ipcEBi9s6bLEw0Obnz9csxunVUVwUosMNXYzx5oDsULxSA1TdrGsRfnKqocr1oVxEH Dxd4hnVBhQL0Ep+wLDuPBt5Kfzca6QlvbQHtMSAkMWpQs2h7zn98Qi7L+zhtRo+M3EJw ztZGqBdEXZnmac/g2uI3kYcQwSmZcU6rfwI4WxOWU6lm8cJ5h78OA8I/1TgDyd4qQPVJ cPThd/s8pMCUW3ENBq8Av24EbHcWyqgeyGlZJeGuIt2t2CrCkRsR+aRz6E6OcQA9LUpC KF/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=q2eoqHbBQgQE3g0X8l5+6eEPfbiK6K/d9/uvXfbvv6Y=; b=tabDbWjY6jfVSpmHIWEGisy0O72iUr+iT6/mXH7FDjUQZY4O8TVkxilAHKT5LhzpsF kpZEitSCJLzOCAuCWechu34MoCVi4A9jidjb7vTS/P+5mGwYCqS7B5rF9FLXPaY/IoLj A0mLud5WASkgp1YUFVESH7gUFtDq40lYbvvNwybnbjGw/31+VKJgPm48WSw7GlmSeAUQ gHWQqUKhwnMk+rTLQgWFZ8sYomFF79E7OdpcKeE+Rfu5jWsm8EBCP1X02Te6nVI6HNnA WpPXZLOYcyrmISzq9DA/vNQ90fgcaVJzV2fVroAJh2drB40ukQHj+mK5pRwx5DBAHcjm qWow== X-Gm-Message-State: AJIora8ze+T3voBufqRsFZdTI1MSsyZ2U9U+jsnqvWjkktoZAFK8ayoF HmY7ydmMbgw14J9hhrN8AmQu32dhYzuhrt8+qBw= X-Google-Smtp-Source: AGRyM1tZ7A2ShmNwwUa6YDGacxNmzB2DqmtAbtJ2COn1GwbMTtGfT1Zkh4BRWKzIE9nXUlv2vq/e5LEngE9MZC0u4TA= X-Received: by 2002:a9d:7f99:0:b0:616:c2d5:84cc with SMTP id t25-20020a9d7f99000000b00616c2d584ccmr6623798otp.86.1656433112837; Tue, 28 Jun 2022 09:18:32 -0700 (PDT) MIME-Version: 1.0 References: <87pmjlfdjl.fsf@contorta> <310AD876-916E-4020-A87E-5609E8166432@lepiller.eu> <87a6amgak1.fsf@contorta> <87r13grv6a.fsf@contorta> <87leth7ev6.fsf@contorta> <4BD0EAF3-DFA2-47B0-AFA0-AEAA2393F2A5@tobias.gr> In-Reply-To: <4BD0EAF3-DFA2-47B0-AFA0-AEAA2393F2A5@tobias.gr> From: =?UTF-8?Q?G=C3=A1bor_Boskovits?= Date: Tue, 28 Jun 2022 18:18:21 +0200 Message-ID: Subject: Re: maradns reproducibility fixes and the merits of picking a random number To: Tobias Geerinckx-Rice Cc: Guix Devel , Efraim Flashner , Vagrant Cascadian , Julien Lepiller , Felix Lechner Content-Type: multipart/alternative; boundary="00000000000048f07005e284636e" Received-SPF: pass client-ip=2607:f8b0:4864:20::330; envelope-from=gboskovits@gmail.com; helo=mail-ot1-x330.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1656433131; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=q2eoqHbBQgQE3g0X8l5+6eEPfbiK6K/d9/uvXfbvv6Y=; b=KWsB6k0sZU2UqDxBcSfx0c1m5FipZfYBS2Lvq2BrhG0SSqJMU3fCG4WD2hP1LsDkLJz/cJ f5Ti2zSQRhBxi1UcAihG5HGJN7fd7hjKYEmfrJbWro2kNRu2Ip5/qFfoE3Qeew1nedQ0rE Qq0ThOYobUoYqhesLqIkg/7LvjAy1rfFmGxiqMv7kW4HtUcjfja4a3Qicj9571vrTtVBX6 TEUbPGONGfH7l19c1loTqcfibXfgogIhDcST5DLtiUoDkAPZ6OzaoQaYhYkqwxXEJC7ydT B5+CuChUmHT1lrCITsVDoOfm/8H94orWnApVEoySntPBU+39sGqYvNmH96Vg0w== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1656433131; a=rsa-sha256; cv=none; b=q3Cwr0nWaVIzpFr1vYjBQcma2I5ADHkynXiwnmRn8GqGezZ3yGOoAtmm+geXk0haF8NDfl /scyQKFJeNPlXKzQJWLV6U7I2FaDV6Sc6pGQVFpK4gSXcIUqoiwPvAqTB543dh+wzHwlYh tfm9Gc3IAEt+K42TZrCNgfzUaxl4R84Enec5fMo+nJTvy6kP55arlZjh8IQG4LQ3jOWc3g dHzW5pSN90TsvveuaxL8FppYq/RWXFaO65UdaKBhjzyGTDTotsmeIm0DUgoxvM5ku3Fk3T VuiHmj4nxdTLRq3m2sh8K6o+qSMiEwE2Fav8OEsljaH0yPOastgfOk7eyUr7Hg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=T5kepFYm; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.25 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=T5kepFYm; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 2C29B1D743 X-Spam-Score: -4.25 X-Migadu-Scanner: scn0.migadu.com X-TUID: JhGiqiQ+hONX --00000000000048f07005e284636e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi, Tobias Geerinckx-Rice ezt =C3=ADrta (id=C5=91pont: 2022. j= =C3=BAn. 28., K 18:07): > Hi, > > Vagrant said: > > It is expensive to generate the random prime on some hardware, so doing > > so at runtime might not be feasible in some cases... > > But in the same reply you're paraphrasing, upstream also says: > > > In 2010, I updated that homegrown hash compression > > algorithm to also add a random number when compressing > > the input, and calculating another 32-bit random number > > when Deadwood starts. > ^^^^^^^^^^^^^^^^^^^^^^^ > > and > > > I believe the hash compression algorithm is protected from hash > > bucket collision attacks, even if Deadwood is patched to make > > MUL_CONSTANT a constant number, since the add constant > > remains random. > > so their 'too computationally expensive' does not make sense to me. Do > they bail out if generating the truly random part 'takes too long'? Sure= ly > not. > > Neither does the 'ah, but your urandom might be broken' argument for > silently substituting a still less random number. > > I don't think this alone justifies the scheme, or disabling substitutes. > I tend to agree. Afaics this can be solved in a workaround way. I don't think this random number is picked up by the build in any way. Upstream could just provide it as an optional config value. That would be better in every respect. Then they could just give a build flag to move to the new model. Do you think such a proposal would be accepted upstream? > > Kind regards, > > T G-R > > Sent on the go. Excuse or enjoy my brevity. > > --00000000000048f07005e284636e Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi,

Tobias Geerinckx-R= ice <me@tobias.gr> ezt =C3=ADrta = (id=C5=91pont: 2022. j=C3=BAn. 28., K 18:07):
Hi,

Vagrant said:
> It is expensive to generate the random prime on some hardware, so doin= g
> so at runtime might not be feasible in some cases...

But in the same reply you're paraphrasing, upstream also says:

> In 2010, I updated that homegrown hash compression
> algorithm to also add a random number when compressing
> the input, and calculating another 32-bit random number
> when Deadwood starts.
^^^^^^^^^^^^^^^^^^^^^^^

and

> I believe the hash compression algorithm is protected from hash
> bucket collision attacks, even if Deadwood is patched to make
> MUL_CONSTANT a constant number, since the add constant
> remains random.

so their 'too computationally expensive' does not make sense to me.= =C2=A0 Do they bail out if generating the truly random part 'takes too = long'?=C2=A0 Surely not.

Neither does the 'ah, but your urandom might be broken' argument fo= r silently substituting a still less random number.

I don't think this alone justifies the scheme, or disabling substitutes= .
I tend to agree.
Afaics this can be solved in a workaround way. I don't thi= nk this random number is picked up by the build in any way. Upstream could = just provide it as an optional config value. That would be better in every = respect.=C2=A0 Then they could just give a build flag to move to the new mo= del. Do you think such a proposal would be accepted upstream?

Kind regards,

T G-R

Sent on the go.=C2=A0 Excuse or enjoy my brevity.

--00000000000048f07005e284636e--