FreeBSD msk(4) and XPS M1530 ethernet

Last year I bought a new laptop: An XPS M1530. I've been generally quite happy with it, but it had one major flaw: Its (wired) ethernet support was provided via the Marvell Yukon 88E8040 Fast Ethernet chipset, which was not supported by FreeBSD -- and so I've been connecting to the outside world via the laptop's wireless ethernet (an Intel PRO/Wireless 3945ABG chipset) for the past 10 months. Effective a few hours ago, this is no longer necessary.

Pyun YongHyeon (aka. yongari@) made a series of commits to FreeBSD's msk(4) driver and the associated PHY code yesterday and today which added support for the 88E8040 chipset in FreeBSD -CURRENT. I don't run -CURRENT on this laptop; but I merged the updated code back to my 7.2-RELEASE tree and was surprised to see that everything worked without needing any backporting fixes. Hence

# cd /usr && cvs -d /usr/cvsroot co -r RELENG_7_2 src
# cd /usr/src/sys/dev/msk && cvs up -C -A
# cd /usr/src/sys/dev/mii && cvs up -C -A
# cd /usr/src && make buildkernel installkernel KERNCONF=GENERIC
and rebooting is all it takes to get this working on FreeBSD 7.2-RELEASE. I imagine yongari will merge the relevant code back to the 7-STABLE branch before 7.3-RELEASE; so the Marvell Yukon 88E8040 Fast Ethernet chipset should work in all FreeBSD releases numbered 7.3 and higher.

Posted at 2009-05-26 05:30 | Permanent link | Comments

scrypt version 1.1.2 released

On Saturday I released scrypt version 1.1 and asked the readership of these dispatches to help me out by testing it. Rory Arms, "atourino", Johan Brinch, Darren Chamberlain, Dalibor Gudzic, Mathias Gumz, Justin Haynes, Erik Karulf, Ricardo Martins, Marshall Pierce, Kenji Rikitake, "s0xxx", and Royce Williams obliged, finding compile-time and run-time errors -- and in several cases, submitting patches. I am happy to announce that I have uploaded scrypt version 1.1.2 (source tarball, GPG-signed SHA256 hash) to the scrypt website. This code has now been tested on FreeBSD, NetBSD, Linux, Solaris, OS X, Cygwin, and GNU Hurd.

In addition to the above, Mathias Gumz has sent me patches to make scrypt work on Windows; I haven't had time to integrate his work into my tree yet, but I plan on doing that soon. If anyone can test scrypt on any other systems (OpenBSD? DragonFlyBSD? Minix? AIX? HP-UX?), I'd be interested to hear the outcome -- please submit comments below.

UPDATE 2009-05-25: I've now released scrypt version 1.1.3, which includes a man page and builds on OpenBSD; thanks to Predrag Punosevac for many rounds of testing as I ironed out all of the portability issues.

Posted at 2009-05-20 09:50 | Permanent link | Comments

scrypt version 1.1 released

In a post here last week, I announced the scrypt key derivation function and the availability of source code for both the key derivation function and a file encryption utility which used it. At that point, the scrypt encryption utility only ran on FreeBSD; after a week of struggling with autoconf, I am now happy to announce that version 1.1 of the scrypt code should now run on linux and other unix-like operating systems.

I'd like to make scrypt as portable as possible, but I don't have access to a very wide range of systems to test with; so I'd like to ask my readers to help me with testing scrypt on non-FreeBSD systems. Please

  1. download the scrypt source code,
  2. verify the gpg signed SHA256 hash,
  3. extract the source code tarball,
  4. run ./configure && make,
  5. encrypt a file via ./scrypt enc origfile encryptedfile,
  6. decrypt the file via ./scrypt dec encryptedfile decryptedfile, and
  7. compare origfile and decryptedfile to confirm that the file was decrypted correctly.
Finally, please add a comment below indicating
  1. what sort of system (OS and hardware) you tried scrypt on,
  2. whether scrypt built and worked correctly, and
  3. if scrypt didn't work, what went wrong (e.g., what compiler errors were output).

In order to provide full disclosure: The next version of the tarsnap client code will be using scrypt, so I have an ulterior motive for wanting to check that the scrypt code is portable. That said, I think it's important for people to use strong cryptography, so I would want scrypt to be as portable as possible and usable as widely as possible even in the absence of tarsnap -- which is why scrypt is BSD licensed.

UPDATE: I coded a test for MAP_NOCORE backwards in version 1.1 of this code. This is fixed in version 1.1.1; if you tried version 1.1 and it failed with an error about MAP_NOCORE being undeclared, please download version 1.1.1 and try again (I've adjusted the links above).

Posted at 2009-05-16 08:25 | Permanent link | Comments

The scrypt key derivation function

One of the commonly requested features for Tarsnap is passphrase-protected key files. I started working on this in February, but soon discovered that the existing methods for passphrased-encrypted files were rather lacking -- at least based on my security guideline for tarsnap, i.e., "what if the NSA tried to attack this?".

I am speaking today at BSDCan'09 about my work on the scrypt key derivation function. In the context of hardware brute-force attacks, scrypt is thousands of times more secure than existing "best practice" solutions such as bcrypt and PBKDF2; in fact, under reasonable assumptions it is provably as strong as possible. In addition to the key derivation function itself, I have released a simple file encryption utility which is approximately 100 billion times more secure than openssl enc, due to OpenSSL using MD5 as a key derivation function.

The code I have written -- key derivation function and file encryption utility -- are now available from the scrypt page on the tarsnap web site, along with the 16-page paper I wrote defining and proving security properties of scrypt, and my conference slides. So far I have only built the scrypt code on FreeBSD; but I expect to port the code to other operating systems soon. Within a few weeks I expect to release a new version of the tarsnap client which uses scrypt to -- finally -- add support for password-protected key files.

In his famous "what you need to know about secure password schemes" blog post of September 2007, Thomas Ptacek concluded by saying that the correct choice of key derivation functions is bcrypt. He was right; but from today onwards, the correct choice is scrypt.

Posted at 2009-05-09 19:00 | Permanent link | Comments

Recent posts

Monthly Archives

Yearly Archives