From unknown Sat Sep 20 01:12:01 2025 X-Loop: help-debbugs@gnu.org Subject: bug#15366: MBR disk signature not random enough Resent-From: Philip Rowlands Original-Sender: "Debbugs-submit" Resent-CC: bug-parted@gnu.org Resent-Date: Fri, 13 Sep 2013 13:08:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 15366 X-GNU-PR-Package: parted X-GNU-PR-Keywords: To: 15366@debbugs.gnu.org X-Debbugs-Original-To: bug-parted@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.137907764427179 (code B ref -1); Fri, 13 Sep 2013 13:08:01 +0000 Received: (at submit) by debbugs.gnu.org; 13 Sep 2013 13:07:24 +0000 Received: from localhost ([127.0.0.1]:32957 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VKT5n-00074I-5f for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:23 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56669) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VKT5k-000742-QV for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VKT5Z-0007gg-36 for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:15 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:32879) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VKT5Y-0007gc-W8 for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:09 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58342) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VKT5T-0004XC-7u for bug-parted@gnu.org; Fri, 13 Sep 2013 09:07:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VKT5O-0007eS-J2 for bug-parted@gnu.org; Fri, 13 Sep 2013 09:07:03 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:41986) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VKT5O-0007cK-B0 for bug-parted@gnu.org; Fri, 13 Sep 2013 09:06:58 -0400 Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 343AE212EE for ; Fri, 13 Sep 2013 09:06:55 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Fri, 13 Sep 2013 09:06:55 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=dimebar.com; h= message-id:date:from:mime-version:to:subject:content-type :content-transfer-encoding; s=mesmtp; bh=x99YKEW1L7uoyYeef8IBUEi wIPg=; b=MwoZUFqm9BgTejdtasSBU8U8LWoBXzVbMrqXvlsGwAil2lQvN+xfZii Kmy99hlCRIDupZZX+AVeUKCE/AsaYXw0ObXXSnvJiCMbZcbnXjOSD2WlQZ0FWVog v0HFrARMUyNToIIeDgwp0zhTaGwbGeGdirUohG+JYZ4BRyMY2uFM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:content-type:content-transfer-encoding; s=smtpout; bh=x 99YKEW1L7uoyYeef8IBUEiwIPg=; b=cfi1L6L9v/PsFTzkHR16VwwBgdShqa1mJ bbxUtJzuIz3CSiAT0YBQFWTmJQP8mG65L/apJXJEtEXExnFfYd1g7LU4bA0JoqzA 2IO7D1Au0tjKUCFKWKDxgMgCyWfGJU+u0+Ux/mqOiJS1dH/JpABakb/UwDIxsQuY P1TFLrlNV4= X-Sasl-enc: b8zS3DkpJAdJfoBY/ZM9anblWZEnyv7EMcskGT7wvzvB 1379077614 Received: from [192.168.43.170] (unknown [82.132.245.123]) by mail.messagingengine.com (Postfix) with ESMTPA id 2FC7BC00E7F for ; Fri, 13 Sep 2013 09:06:54 -0400 (EDT) Message-ID: <52330DD6.6070804@dimebar.com> Date: Fri, 13 Sep 2013 14:06:30 +0100 From: Philip Rowlands User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) libparted/labels/dos.c:generate_random_id() is used to create a new mbr_signature where none exists. The possible return values for generate_random_id() range from 0 to 999999, derived from the tv_usec field of gettimeofday(2). This limits the actual value written to mbr_signature to 0.023% of the possible uint32 values. I don't know how many MBRs in the world libparted has written the mbr_signature to, but the chance of collisions are greatly increased by having an artificially restricted value. Is there a better libc-provided rand(3)/random(3) function which can be used to provide a full 32 bits of randomness? I haven't checked all the other mklabel types, but it's possible they have similar limitations. gpt.c uses uuid_generate() which delegates the task to libuuid. Perhaps this could be used (with truncated output) for the MBR signature? Cheers, Phil From unknown Sat Sep 20 01:12:01 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.503 (Entity 5.503) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Philip Rowlands Subject: bug#15366: closed (Re: bug#15366: MBR disk signature not random enough) Message-ID: References: <529157A2.6080800@ubuntu.com> <52330DD6.6070804@dimebar.com> X-Gnu-PR-Message: they-closed 15366 X-Gnu-PR-Package: parted Reply-To: 15366@debbugs.gnu.org Date: Sun, 24 Nov 2013 01:35:03 +0000 Content-Type: multipart/mixed; boundary="----------=_1385256903-25605-1" This is a multi-part message in MIME format... ------------=_1385256903-25605-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #15366: MBR disk signature not random enough which was filed against the parted package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 15366@debbugs.gnu.org. --=20 15366: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D15366 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1385256903-25605-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 15366-done) by debbugs.gnu.org; 24 Nov 2013 01:34:36 +0000 Received: from localhost ([127.0.0.1]:40929 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VkOaq-0006eH-42 for submit@debbugs.gnu.org; Sat, 23 Nov 2013 20:34:36 -0500 Received: from cdptpa-omtalb.mail.rr.com ([75.180.132.120]:45127) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VkOam-0006e0-AT for 15366-done@debbugs.gnu.org; Sat, 23 Nov 2013 20:34:32 -0500 X-Authority-Analysis: v=2.0 cv=IPSA+3TG c=1 sm=0 a=3SewDSjaRW4vdJyuxQ33ZQ==:17 a=DeBnktw0k-IA:10 a=JlIHnqCoHBcA:10 a=LFFd3SvNDBIA:10 a=S1A5HrydsesA:10 a=8nJEP1OIZ-IA:10 a=fxJcL_dCAAAA:8 a=KGjhK52YXX0A:10 a=LaVLTwSZQQ0A:10 a=pGLkceISAAAA:8 a=QfKxxUxMAAAA:8 a=ENOCa95lh6e-2s_gLawA:9 a=wPNLvfGTeEIA:10 a=MSl-tDqOz04A:10 a=qEPZfWqPSTxkRjjT:21 a=OB7I7LHidkh0Gpjo:21 a=3SewDSjaRW4vdJyuxQ33ZQ==:117 X-Cloudmark-Score: 0 X-Authenticated-User: X-Originating-IP: 72.238.73.171 Received: from [72.238.73.171] ([72.238.73.171:42954] helo=[192.168.1.6]) by cdptpa-oedge02.mail.rr.com (envelope-from ) (ecelerity 2.2.3.46 r()) with ESMTP id 20/1E-09582-2A751925; Sun, 24 Nov 2013 01:34:27 +0000 Message-ID: <529157A2.6080800@ubuntu.com> Date: Sat, 23 Nov 2013 20:34:26 -0500 From: Phillip Susi User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.1.1 MIME-Version: 1.0 To: 15366-done@debbugs.gnu.org Subject: Re: bug#15366: MBR disk signature not random enough References: <52330DD6.6070804@dimebar.com> In-Reply-To: <52330DD6.6070804@dimebar.com> X-Enigmail-Version: 1.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 15366-done X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: 0.0 (/) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 This was fixed by this commit: commit 70aa35b2b4d2e723fe82ac3184e5921a52be73ab Author: Jonathan Liu Date: Fri Oct 4 07:32:12 2013 -0700 dos: improve MBR signature generation Using tv_usec in struct timeval from gettimeofday() doesn't provide enough precision to fill an unsigned 32-bit integer and isn't really random. It it always less than one million when using the GNU C library while an unsigned 32-bit integer ranges between 0 and 4294967295. In FAT filesystem creation, parted already uses a better random generator, so move that code into a common function and use it for MS-DOS MBR signature generation. * libparted/fs/r/fat/fat.c (_gen_new_serial_number): Remove. (fat_create): Use generate_random_uint32 instead of _gen_new_serial_number. * libparted/labels/dos.c (generate_random_id): Remove. (msdos_write): Use generate_random_uint32 instead of generate_random_id. * libparted/labels/misc.h (generate_random_uint32): New function. Created from _gen_new_serial_number in libparted/fs/r/fat/fat.c with additional check to avoid returning zero, which may be interpreted as no FAT serial number or no MBR signature. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBCgAGBQJSkVeiAAoJEJrBOlT6nu75LL8H/3Yg7oX+VlB+9YX8rHop6wzk OM7QLy+/Y3ms8cM/In6K38mMpWRmSZ9IPNblE2ez106Qkb9EG9nPhiKJBT4KK3Q8 lSGxZC15ppx68C4X0Wb54iyBBDzE8vmsIn0JYp+9rAtu86EE3XMzQqqVX4h2brHt EbaYWbnvMWrGAgobhJN/tvjNaI9/dW6rQ7b6JSHEjl9o0ZXCi9m46wMMaSI+2DWH JJ4ZJgxg0DVYT1dcz6c+kiUNQR/P4KY13JGsF792g9nYxCfWMtQn3LPNXSWFRMW7 jLCsIl2JvIsx74yqXBvXcAZarSjFEkEeW4Hd6lrQfvPvaJaboOVRQKd7YOj3bKQ= =ip0x -----END PGP SIGNATURE----- ------------=_1385256903-25605-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 13 Sep 2013 13:07:24 +0000 Received: from localhost ([127.0.0.1]:32957 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VKT5n-00074I-5f for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:23 -0400 Received: from eggs.gnu.org ([208.118.235.92]:56669) by debbugs.gnu.org with esmtp (Exim 4.80) (envelope-from ) id 1VKT5k-000742-QV for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:21 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VKT5Z-0007gg-36 for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:15 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,T_DKIM_INVALID autolearn=disabled version=3.3.2 Received: from lists.gnu.org ([2001:4830:134:3::11]:32879) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VKT5Y-0007gc-W8 for submit@debbugs.gnu.org; Fri, 13 Sep 2013 09:07:09 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:58342) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VKT5T-0004XC-7u for bug-parted@gnu.org; Fri, 13 Sep 2013 09:07:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VKT5O-0007eS-J2 for bug-parted@gnu.org; Fri, 13 Sep 2013 09:07:03 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:41986) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VKT5O-0007cK-B0 for bug-parted@gnu.org; Fri, 13 Sep 2013 09:06:58 -0400 Received: from compute3.internal (compute3.nyi.mail.srv.osa [10.202.2.43]) by gateway1.nyi.mail.srv.osa (Postfix) with ESMTP id 343AE212EE for ; Fri, 13 Sep 2013 09:06:55 -0400 (EDT) Received: from frontend1 ([10.202.2.160]) by compute3.internal (MEProxy); Fri, 13 Sep 2013 09:06:55 -0400 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=dimebar.com; h= message-id:date:from:mime-version:to:subject:content-type :content-transfer-encoding; s=mesmtp; bh=x99YKEW1L7uoyYeef8IBUEi wIPg=; b=MwoZUFqm9BgTejdtasSBU8U8LWoBXzVbMrqXvlsGwAil2lQvN+xfZii Kmy99hlCRIDupZZX+AVeUKCE/AsaYXw0ObXXSnvJiCMbZcbnXjOSD2WlQZ0FWVog v0HFrARMUyNToIIeDgwp0zhTaGwbGeGdirUohG+JYZ4BRyMY2uFM= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=message-id:date:from:mime-version:to :subject:content-type:content-transfer-encoding; s=smtpout; bh=x 99YKEW1L7uoyYeef8IBUEiwIPg=; b=cfi1L6L9v/PsFTzkHR16VwwBgdShqa1mJ bbxUtJzuIz3CSiAT0YBQFWTmJQP8mG65L/apJXJEtEXExnFfYd1g7LU4bA0JoqzA 2IO7D1Au0tjKUCFKWKDxgMgCyWfGJU+u0+Ux/mqOiJS1dH/JpABakb/UwDIxsQuY P1TFLrlNV4= X-Sasl-enc: b8zS3DkpJAdJfoBY/ZM9anblWZEnyv7EMcskGT7wvzvB 1379077614 Received: from [192.168.43.170] (unknown [82.132.245.123]) by mail.messagingengine.com (Postfix) with ESMTPA id 2FC7BC00E7F for ; Fri, 13 Sep 2013 09:06:54 -0400 (EDT) Message-ID: <52330DD6.6070804@dimebar.com> Date: Fri, 13 Sep 2013 14:06:30 +0100 From: Philip Rowlands User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130801 Thunderbird/17.0.8 MIME-Version: 1.0 To: bug-parted@gnu.org Subject: MBR disk signature not random enough Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::11 X-Spam-Score: -5.0 (-----) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -5.0 (-----) libparted/labels/dos.c:generate_random_id() is used to create a new mbr_signature where none exists. The possible return values for generate_random_id() range from 0 to 999999, derived from the tv_usec field of gettimeofday(2). This limits the actual value written to mbr_signature to 0.023% of the possible uint32 values. I don't know how many MBRs in the world libparted has written the mbr_signature to, but the chance of collisions are greatly increased by having an artificially restricted value. Is there a better libc-provided rand(3)/random(3) function which can be used to provide a full 32 bits of randomness? I haven't checked all the other mklabel types, but it's possible they have similar limitations. gpt.c uses uuid_generate() which delegates the task to libuuid. Perhaps this could be used (with truncated output) for the MBR signature? Cheers, Phil ------------=_1385256903-25605-1--