|
|
2003/02/04 - Solar Designer
Openwall GNU/*/Linux
An interview conducted by Alain Buret
Alain Buret - Please present yourself ?
Solar Designer - I generally prefer to speak about things I do rather than about myself. For the past 6 years I've been spending much of my time on computer and network security. In particular, I've been developing free Unix security tools and other (non-security) software designed to be safe to use, as well as making existing software and technologies safer to use (discovering, dealing with, and sometimes publicizing vulnerabilities whenever that seemed appropriate). This is what Openwall Project (http://www.openwall.com) is about.
Although I'm the author of most of the individual pieces of software released under Openwall, our biggest development project, Openwall GNU/*/Linux (Owl), is a team effort which I am leading. Owl is a security-enhanced OS with Linux and GNU software as its core and intended primarily for Internet servers.
Alain Buret - You're famous for John the Ripper... can you explain why you did it ?
Solar Designer - It was primarily a technical challenge. I saw Crack and Cracker Jack and I thought that there has to be room for improvement. And I had an idea: don't restrict the key space to whatever comes from a wordlist + word mangling rules, but rather order candidate passwords, from the entire keyspace, for decreasing estimated probability of each being the password as derived from statistical information. I was unsure it would be practical. I was unsure how much faster it would get certain passwords than a dumb exhaustive key search would. So I went ahead and implemented the first working prototype, not called John the Ripper at the time. It turned out that it was able to crack many non-word-based 7- and 8-character long passwords, - something which was non-practical with existing Unix password crackers and hardware available at the time. So these passwords had to be considered weak as well. Encouraged by the success, I eventually decided to make a full-featured Unix password cracker that would use both the traditional and my new approach to generating candidate passwords, and that would also use CPU resources more optimally.
The first version of John the Ripper was born, with assembly language optimizations specific to Intel Pentium, the new processor at the time (1996). Subsequent versions released in 1997 introduced much better portability and many other optimizations to the crypto code, both generic and specific to various architectures (John could now take advantage of 64-bit architectures), and support for FreeBSD-style MD5-based passwords (with my own optimized code, too). However, at this point the source code was hard to extend much further, and I had ideas on what needs to be added. So I've re-done it starting with 1.5 (1998), adding a framework for registering new password hash types and allowing for parallel processing of multiple candidate passwords. The latter is used to implement techniques such as Eli Biham's "bitslice" DES (the term "bitslice" is actually Matthew Kwan's), already seen in 1.5, and to bring more parallelism down to instruction level also for hash types based on other cryptographic primitives (post-1.6 versions use this for MD5 on RISC).
Now John the Ripper supports many password hash types, not even limited to those used by Unix flavors. And it became a component in my Unix password security tool set, which also includes pam_passwdqc, a proactive password strength checking PAM module (designed to catch weak passwords at the time they're set) and crypt_blowfish, a password hashing framework and an implementation of a modern password hashing algorithm which produces much stronger password hashes than those most Unix systems still use. All of these tools are fully integrated into Owl and are also available with certain other distributions.
Alain Buret - Openwall GNU/*/Linux (Owl) may be seen as "another secured distribution"... can you explain why you made it? What are the main advantages of Owl over other "secured" distributions, like ie SmoothWall ?
Solar Designer - Oh, this question (and the brief answer) is right on the second slide of the presentation I'll be making at FOSDEM. :-) I needed a distribution which would be adequately secure for use at the companies I was working for or consulting, and that wouldn't require much (or any) time spent on "securing" each install. Yes, as you mention, now there exist several other "secured" distributions. In fact, I help edit an ODP (http://dmoz.org) category on just those. However, our approach to security (and how we really do it rather than just speak about it!) differs from that used by most other related projects. Most choose software based on security track record. To me, this shows lack of experience on their part to judge on the (in)security of a piece of software on their own (do its design and source code review) and/or no desire to invest this much time. A good security track record is no replacement for source code review; unless the software component is very popular, the track record hardly says anything on its design and code quality. It isn't just the choice of software which matters. We apply modifications, sometimes even design changes, in order to reduce the impact of potential vulnerabilities we could have missed. The introduction of privilege separation into network services on Owl is an example of this. In other "hardened" distributions, there's often an emphasis on kernel modifications.
Well, my opinion is that those don't warrant a whole new distribution in the first place. While Owl supports various "hardening" techniques such as those found in my Linux kernel patches, for us they're only secondary and their primary purpose is to reduce the likelihood or impact of successful real-world attacks on insecure third-party software on might install on the system. The use of any kernel modifications on Owl is optional. Finally, it's not just the security-related bells and whistles which make a system secure. By packaging security tools in a distribution you don't get a "secure" distribution, you merely get a distribution with pre-packaged security tools. This is why, while we do see providing a wide range of security tools with Owl as one of the goals, we're concentrating on other aspects first. The particular example you've used, SmoothWall, isn't even a similar project (despite what the name might suggest). It is a special-purpose distribution for use as a firewall and thus doesn't make an attempt at providing any improved local OS security. In fact, I think their primary goal is ease of use and not security.
Alain Buret - Are there some disadvantages, or missing features you would like to add quickly ?
Solar Designer - Of course, there're many things yet to be done. I am not sure how "quickly" they may be done, though, - much of it depends on whether someone would volunteer to do them (and actually do that!) Unfortunately, experience shows that most volunteers who haven't been with the project for while either don't do what they've volunteered for (does this sound familiar? I'd expect so) or are unable to easily meet the quality requirements I set (there's nothing too exciting about just packaging a piece of software or just making something work, it also needs to be done according to our project's concepts and goals). Some of the things that I'd like to see done are listed in Owl/doc/TODO in our CVS tree. This includes further work on the packages we have and new packages to be added, as well as work on Owl as a whole. One disadvantage Owl currently has is its lack of an intuitive installation procedure. Currently, installing Owl for the first time requires much Linux system administration experience, - more than is absolutely necessary for its subsequent use. This prevents us from offering Owl to a wider potential userbase.
Alain Buret - Who are your users ? And why do they use Owl, instead of something else ?
Solar Designer - It's primarily experienced system administrators who value security of their systems, - and this is also the reason they choose Owl. Other likely uses of Owl relate to our providing a live multi-user system with networking, development, and security tools on the CDs, and to the ability to easily rebuild the system from source ("make buildworld").
Alain Buret - What do you expect from your FOSDEM talk ?
Solar Designer - I'd like to share our achievements with other developers for possible re-use by other projects. Apparently, it was the presentation on Owl we did at CanSecWest that has resulted in the use of our approach to crontab/crond privilege separation by OpenBSD. If a similar re-use of technology happens as a result of the FOSDEM talk, that alone would make it worth the time and money. Of course, I would also be happy to see more talented people join our team, such as by volunteering for and actually completing an item we have on TODO. :-)
|
|
|
Special announcement |
|
FOSDEM 2003 will take place on February 8 - 9 2003 in Brussels... |
|
|
FOSDEM search |
|
|
Contest |
|
Best background:
|
|
Create the coolest Fosdem background design and win cool stuffs... More info |
|
|
Sponsors corner |
|
|