Party Vibe

interesting – though I had a look at the various reports and what little I could understand about this utility (netcat in the clear is complex enough) – seems equally possible there are not enough folk around who understand that much hard maths to have known if if the choice was a good prime number or not

Maybe those who do are already working at Cheltenham or similar places overseas; or busy keeping something else safety critical in their country working [or a combination of both].

It is not unlikely that Zhigang Wang and his employers may well have wanted to check the whole lot still worked correctly via other means (the bug report hints that it wasn’t working at all to start with and what was done was a workaround) as much as any direct sinister intent; a crypto scheme that intermittently corrupts or garbles data can in many applications be worse than using none at all.

Having had to work with Oracle databases about 10 years ago (not by choice) – one use case I could envisage with Oracle which may include obtaining a dump of an entire database (for correcting existing flaws within it) using such a method that was secure enough not to just be a raw octet stream (thus permitting the work to be outsourced to remote contractors) rather than having to be carried out in a secure lab directly connected to the server being worked on).

He mentioned himself lacking the knowledge to merge the patch into the whole dev stream; which hints at this being done as a quick hack using minimal resources and the message threads point out the SSL had various other flaws anyway. In any case it is not the only method that could be used to encrypt data generated by this utility, more secure ones exist and this flaw is supposedly patched in later versions which use a correct prime.

To confuse matters further there are a lot of computer scientists called Zhigang Wang and possibly more than one Gerhard Rieger 😉 – I expect the first would speak Chinese as his first language and the second German, thus introducing as many risks of human communication errors as any deliberate attempt to make the encryption easier to break.

I agree that the “correct” development rules were certainly not followed and this would have been a relatively easy one to spot but many software dev teams are very lean and even the open source ones make it quite difficult to contribute even for those who might be skilled coders.

That said in the original discussions Zhigang Wang himself openly admits he did not know himself whether the patch (contributed as it solved an issue with a wider automated deployment of virtual machines for a wider project which makes use of socat in the provision process) was 100% secure; other boffins point out further flaws in all the crypto schemes used.

All of this was back in 2013.

The one bit of consensus was that there should remain an option to run the lot in clear for use in suitably secure environments (as that definitely works).

Given his comments (and those of others) it is not unlikely he was indeed instructed to use that particular number as part of a wider hack to keep a specific system running and the risk of the backdoor overlooked (or even made use of for the kind of “eavesdropping” that is often necessary for networked systems maintenance).

in hindsight it would have looked far less suspicious if some comment lines were added to the code patch which was only committed some months later – even if it were just a warning to check the prime before compiliing it and to use the same one for all the systems in a particular network (or else nothing will work)

Its still unclear why it is hardcoded in the first place as even my basic computer science texts discourage this sort of practice – its only been in the last decade or so that encryption has been widely used anyway.

>> * In order to migrate a VM without user interactive, we have to configure ssh
>> keys for all Servers in a pool. Key management brings complexity.
>
> Surely your automated server deployment system can manage this ?

Yes, we can.

keys are states; we need to make sure they are always sync. Also after this,
all Servers in a pool can login to each other. I don’t know whether it’s
a security issue for our product.

This is something we try to avoid at this time.

Thanks,

Zhigang

Xen Hypervisor Bug Tracker: #19 – xl migrate transport improvements

Public Git Hosting – socat.git/commitdiff