X-Scanned-BY: MIMEDefang 2.68 on 10.5.11.22 MIME-Version: 1.0 In-Reply-To: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_HI, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,RP_MATCHES_RCVD autolearn=ham autolearn_force=no version=3.4.0 References: <543560E8.5070902@redhat.com> <54356872.6040204@redhat.com> Message-ID: <5435741C.90104@redhat.com> Content-Type: text/plain; charset=utf-8; format=flowed Organization: Red Hat X-RT-Original-Encoding: utf-8 Received: from mx.ams1.isc.org (mx.ams1.isc.org [199.6.1.65]) by bugs.isc.org (Postfix) with ESMTP id A025D2D2004F for ; Wed, 8 Oct 2014 17:28:03 +0000 (UTC) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mx1.redhat.com", Issuer "DigiCert SHA2 Extended Validation Server CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 09B411FCB5A for ; Wed, 8 Oct 2014 17:28:00 +0000 (UTC) Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by mx1.redhat.com (8.14.4/8.14.4) with ESMTP id s98HRwne018266 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) for ; Wed, 8 Oct 2014 13:27:59 -0400 Received: from pspacek.brq.redhat.com (pspacek.brq.redhat.com [10.34.128.7]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id s98HRue5031207 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NO) for ; Wed, 8 Oct 2014 13:27:58 -0400 Delivered-To: bind9-bugs@bugs.isc.org Subject: Re: [ISC-Bugs #37410] PKCS#11 PIN length is silently limited to 32 characters [patch] User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.1.1 Return-Path: X-Original-To: bind9-bugs@bugs.isc.org Date: Wed, 08 Oct 2014 19:27:56 +0200 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on mx.ams1.isc.org To: bind9-bugs@isc.org Content-Transfer-Encoding: 7bit From: Petr Spacek RT-Message-ID: Content-Length: 2013 On 8.10.2014 18:56, Francis Dupont via RT wrote: >> I'm not opposing to that however I do not see a reason to artificially >> limit PIN length on *client* side. > > => laziness... (i.e., it is more complex to manage > a dynamically sized piece of memory :-). That is why I used 1024 byte buffer :-) I don't want to be bold but... aren't we spending too much time on such a minor thing? Feel free to amend the buffer size or refuse the second patch completely if you feel that 31 byte PIN is good enough for everyone :-) >> In this particular case I'm using SoftHSM so there is no secure way >> how to >> enforce limit on retries. That is the reason why I wanted to use very >> long PIN. > > => a long PIN won't save you, in particular with SoftHSM > which doesn't really protect it (BTW mainly because it can't > in an easy way. I know how to reset the PIN in the case I used > something which is not 1234 and I'd like to keep objects, and > I did it more than once :-). I'm not an SoftHSM expert but I have to ask: Are you talking about SoftHSM v2? Looking at src/lib/data_mgr/SecureDataManager.cpp it seems that all values with CKA_PRIVATE = TRUE are encrypted with key which is derived from PIN. Sure, it can't help against on-line attack where the key is in memory but it should help against off-line attacks. Also, we want to run SoftHSM in separate process so bugs which allow attacker to read server's memory will not expose keys. >> (And yes, I know that SoftHSM is really cheap HSM :-)) > > => I added a large amount of code in SoftHSMv2 so now > I am in its developer list! But if SoftHSM is a very good tool > to debug/practice/etc PKCS#11 code it was *not* designed > for strong security at all. I'm aware of that. Customers who want real security are encouraged to buy real HSM but SoftHSM is good enough for those who do not care. SoftHSM should not be worse than keys stored in plaintext on disk, right? Thank you for the discussion and your time! -- Petr Spacek @ Red Hat