The International Simutrans Forum

Development => Bug Reports => Topic started by: jff on September 07, 2016, 05:58:54 AM

Title: openssl 1.1.0
Post by: jff on September 07, 2016, 05:58:54 AM
Hello,

are you planning to switch to openssl 1.1.0?

On Debian we have a transition[1] for it.


There is a discussion on the Debian devel mailing list[2].

The proposal to use openssl 1.0.x and 1.1.x in parallel is probably not
being pursued.

At the moment they want to replace openssl before the freeze[3].


If you have more questions feel free to ask me.

CU
Jörg


[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827061
[2] https://lists.debian.org/debian-devel/2016/06/msg00205.html
[3] https://wiki.debian.org/DebianStretch
Title: Re: openssl 1.1.0
Post by: Vladki on September 07, 2016, 02:37:13 PM
I'm not a developer so I may be wrong, but I thought that simutrans does not use openssl at all.
Title: Re: openssl 1.1.0
Post by: DrSuperGood on September 07, 2016, 03:14:28 PM
As far as I am aware Simutrans has no problem with SSL because it does not use, or need to use SSL in the first place. It does not handle information sensitive enough that man-in-middle and other attacks are a concern. Even if it does use SSL somewhere I doubt OpenSSL is used.

If this is regarding the servers running the site, this is the wrong forum section for it. This section is for bugs in the game Simutrans.
Title: Re: openssl 1.1.0
Post by: Vladki on September 07, 2016, 05:58:36 PM
I have checked the above bug report, and got through to the failed build output.
https://breakpoint.cc/openssl-1.1-rebuild-2016-05-29/Attempted/simutrans_120.1.3+repack-1_amd64-20160529-1536
It seems that simutrans is using some functions from ssl and they have changed
Title: Re: openssl 1.1.0
Post by: TurfIt on September 07, 2016, 06:17:44 PM
Simutrans does not use any ssl functions. However the alternative sha1 patch used in Debian builds appears to. This is a problem for the creator of that patch to fix...
Title: Re: openssl 1.1.0
Post by: DrSuperGood on September 07, 2016, 11:52:07 PM
Quote
It seems that simutrans is using some functions from ssl and they have changed
It is?!

I checked files like utils/sha1.h and sha1.cc which both appear a lot on the error log as using the type, but instead they are fully self-contained and make no reference to ssl types.

In fact the only line in the entire project that contains "ssl" is...

// with this, we avoid calling us endlessly


Maybe it is conflicting with the "_SHA1_H_" definition of the sha1 header?!

To me this error looks like it is trying to use a wrong file to build with. E.g. it might be using a file named "sha1" from another project/source which is not compatible with the one Simutrans provides. Either that or something in openssl conflicts with the sha1 implementation simutrans uses.
Title: Re: openssl 1.1.0
Post by: Isaac Eiland-Hall on September 08, 2016, 04:17:02 AM
We should upgrade to endlessly 1.1.0 then! :)
Title: Re: openssl 1.1.0
Post by: Ters on September 08, 2016, 06:27:22 PM
The sha1 code appears to be copied from somewhere. That code may contain bugs, and since those bugs won't be fixed by patches applied to whatever the code is copied from, it can be considered as bad as depending on an outdated version of whatever the code was copied from. (Which makes me wonder why Microsoft suddenly recommends that applications have private copies of their dependencies, rather than having a system-wide installation that can be upgraded once for all users, especially since this change coincided with a versioning system for libraries to combat DLL-hell.)

Then again, using SHA-1 might not be a good idea at all in the first place anymore.
Title: Re: openssl 1.1.0
Post by: TurfIt on September 08, 2016, 08:24:33 PM
The sha1 code is only used for the player passwords, and pak file verification when joining a server. It's likely overkill already, hardly a place a cryptographically stronger algorithm is necessary... Not like you use your banking credentials as your Simutrans player.  ;)
Title: Re: openssl 1.1.0
Post by: Ters on September 09, 2016, 04:45:19 AM
If the password is transmitted without SSL (or similar), hashing it for storage doesn't add much. The line is likely more unsecure than the server. Not that hashing with SHA-1 is supposed to help much anymore anyway.
Title: Re: openssl 1.1.0
Post by: DrSuperGood on September 09, 2016, 04:58:27 AM
Quote
If the password is transmitted without SSL (or similar), hashing it for storage doesn't add much. The line is likely more unsecure than the server. Not that hashing with SHA-1 is supposed to help much anymore anyway.
SHA-1 is still pretty secure. Sure there is evidence to believe that a few SHA-1 collisions have occurred, however this was on very large scale systems and servers after years of operation. This is why better SHA versions were made with bigger keys for lower collision chance.

Man in the middle attacks could still get the password and send it. Additionally the password could technically be brute forced given enough time (if the universe does not end before then).

However one must remember that these are passwords for transport companies in a game. Sure some government agency might be able to hack in and control your company but surely they would have better things to do such as stopping terrorists? The server owner knows your password anyway and I am pretty sure some people re-use their passwords across servers.
Title: Re: openssl 1.1.0
Post by: Ters on September 09, 2016, 05:11:46 AM
Quote from: DrSuperGood on September 09, 2016, 04:58:27 AM
However one must remember that these are passwords for transport companies in a game. Sure some government agency might be able to hack in and control your company but surely they would have better things to do such as stopping terrorists? The server owner knows your password anyway and I am pretty sure some people re-use their passwords across servers.
The server owner should not know your passwords! And the number of people who reuse passwords is disturbingly high, not to mention how easy it is for a server owner to get the users to tell them their passwords (one may not even have to ask). That is why the leak of passwords from various relatively unimportant sites has been such a big deal.
Title: Re: openssl 1.1.0
Post by: DrSuperGood on September 09, 2016, 05:51:05 AM
Quote
The server owner should not know your passwords!
In Simutrans they know the hash of your password, and hence know your password. Using a modified Simutrans they could inject your password hash directly to another server, where if you used the same password they would then login. Or at least that is what it looked like to me.
Title: Re: openssl 1.1.0
Post by: Ters on September 09, 2016, 03:18:15 PM
Quote from: DrSuperGood on September 09, 2016, 05:51:05 AM
In Simutrans they know the hash of your password, and hence know your password.
That is not the same. Hashing is a non-reversible function, which is the whole point when using it for storing user passwords. Knowing the hashed password will not allow you to impersonate that user, because that should require knowing the plain-text password.

Quote from: DrSuperGood on September 09, 2016, 05:51:05 AM
Using a modified Simutrans they could inject your password hash directly to another server, where if you used the same password they would then login. Or at least that is what it looked like to me.
If Simutrans uses the already hashed password over the wire, then the hash is the password. Whatever the user typed is just an easier-to-remember seed to generate it. It will allow someone with access to the server to impersonate that user, but they can do that by setting another password anyway. They will not be able to use that password to log onto their mail accounts or whatever, unless they also take passwords in using exactly the same hashing algorithm.

Naturally, if the unhashed password is sent to the server, a server administrator will have the ability to snatch it in-flight from RAM. I think there are some solutions to that as well, but given how Heartbleed supposedly gave access to passwords, I guess it is quite normal for servers to take unhashed passwords when authenticating users even if they hash passwords for storage.
Title: Re: openssl 1.1.0
Post by: DrSuperGood on September 09, 2016, 04:27:31 PM
Quote
That is not the same. Hashing is a non-reversible function, which is the whole point when using it for storing user passwords. Knowing the hashed password will not allow you to impersonate that user, because that should require knowing the plain-text password.
Except the server also does not know the plain text password. As such authentication is as simple as checking the hash received matches the hash stored for the password. Since the server owners know the hash of your password, they could in theory use it to authenticate themselves as you using a custom build of Simutrans.

Quote
If Simutrans uses the already hashed password over the wire, then the hash is the password. Whatever the user typed is just an easier-to-remember seed to generate it. It will allow someone with access to the server to impersonate that user, but they can do that by setting another password anyway. They will not be able to use that password to log onto their mail accounts or whatever, unless they also take passwords in using exactly the same hashing algorithm.
This has nothing to do with mail accounts...

What I was saying is that one Simutrans server host could use the password hashes from the players to potentially login as someone else on another Simutrans server not hosted by him if the player uses the same password for both servers.

If one could uniquely identify the server, then that identity could be used as a seed of sorts for the client to hash the password with. The result would be unique password hashes for each server even if the password strings are the same across servers.
Title: Re: openssl 1.1.0
Post by: Ters on September 09, 2016, 05:31:42 PM
Quote from: DrSuperGood on September 09, 2016, 04:27:31 PM
Except the server also does not know the plain text password. As such authentication is as simple as checking the hash received matches the hash stored for the password. Since the server owners know the hash of your password, they could in theory use it to authenticate themselves as you using a custom build of Simutrans.

It seems you are discussing only how Simutrans works. I am discussing how servers in general are supposed to work, and why Simutrans would be doing stuff wrong if it does things the way you write.

Quote from: DrSuperGood on September 09, 2016, 04:27:31 PM
This has nothing to do with mail accounts...

If passwords were not hashed, a server administrator that knows a user's e-mail address could try to use the password to log onto the user's e-mail server. Sometimes, that would work, and by being able to read the e-mails, he might gain access to all that user's accounts, taking over his virtual life. It is just an explanation of why it is bad to store plain-text passwords.

Quote from: DrSuperGood on September 09, 2016, 04:27:31 PM
What I was saying is that one Simutrans server host could use the password hashes from the players to potentially login as someone else on another Simutrans server not hosted by him if the player uses the same password for both servers.

If one could uniquely identify the server, then that identity could be used as a seed of sorts for the client to hash the password with. The result would be unique password hashes for each server even if the password strings are the same across servers.

This is what I assume salting is about. At least partially.
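
An added example, not part of any post above and not Simutrans code: a toy model of the scheme as the thread describes it (client sends the SHA-1 of the password, server compares it with the stored hash), next to the per-server derivation proposed in the last posts. `ToyServer`, the server identities, the sample password and the choice of PBKDF2-HMAC-SHA256 are assumptions of this example.

```python
import hashlib
import hmac


def unsalted_credential(password: str) -> bytes:
    """Scheme as described in the thread: the client sends SHA-1(password)."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def per_server_credential(password: str, server_id: str) -> bytes:
    """Proposed fix: mix a unique server identity into the client-side hash.
    PBKDF2-HMAC-SHA256 is this example's choice, not something the thread names."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               server_id.encode("utf-8"), 100_000)


class ToyServer:
    """Hypothetical server: stores the registered credential, compares on login."""

    def __init__(self, server_id: str, derive):
        self.server_id = server_id
        self.derive = derive          # client-side derivation this server expects
        self.stored = {}              # player name -> stored credential

    def register(self, player: str, password: str) -> None:
        self.stored[player] = self.derive(password, self.server_id)

    def login(self, player: str, credential: bytes) -> bool:
        expected = self.stored.get(player)
        return expected is not None and hmac.compare_digest(expected, credential)


def replay_across_servers(derive) -> bool:
    """One password reused on two servers: does A's stored value log in on B?"""
    a = ToyServer("server-a.example", derive)    # constructed identities
    b = ToyServer("server-b.example", derive)
    for srv in (a, b):
        srv.register("player1", "correct horse")  # constructed sample password
    return b.login("player1", a.stored["player1"])


if __name__ == "__main__":
    unsalted = lambda pw, sid: unsalted_credential(pw)
    print("unsalted SHA-1 value accepted elsewhere:", replay_across_servers(unsalted))
    print("per-server value accepted elsewhere:    ",
          replay_across_servers(per_server_credential))
```

The per-server value is still password-equivalent on the server it was derived for, so this only removes the cross-server reuse discussed above.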