There are plenty of examples to hash the X-Trace or Injection-Info header details to provide obfuscation while allowing consistent header data other users can use to filter if they wish, but I'm looking for functionality like that of Diablo's X-Trace encryption, where it is reversible to the administrator. I had started a thread many years ago on the same topic, and some links were given to Albasani's SVN repo, which is offline, and not available via archive.org.
There are plenty of examples to hash the X-Trace or Injection-Info header
details to provide obfuscation while allowing consistent header data other >> users can use to filter if they wish, but I'm looking for functionality like >> that of Diablo's X-Trace encryption, where it is reversible to the
administrator.
If you want to use this in the filter_nnrpd Perl filter, take a look at
https://metacpan.org/pod/Crypt::CBC
If posting-account is "myuser", nnrpd would then write "U2FsdGVkX1+AIde8W1/6D7PFN0YrP0pekyWK4Vt4qhM=" instead, using the
suggested CBC algorithm:
% echo "myuser" | openssl enc -aes-256-cbc -pbkdf2 -base64 -pass pass:XXX U2FsdGVkX1+AIde8W1/6D7PFN0YrP0pekyWK4Vt4qhM=
Hi Jesse and Wolfgang,
There are plenty of examples to hash the X-Trace or Injection-Info header >>> details to provide obfuscation while allowing consistent header data other >>> users can use to filter if they wish, but I'm looking for functionality like
that of Diablo's X-Trace encryption, where it is reversible to the
administrator.
If you want to use this in the filter_nnrpd Perl filter, take a look at
https://metacpan.org/pod/Crypt::CBC
Would it then be useful if we had a new block in inn-secrets.conf:
encryption {
injection-info: "XXX"
}
and a new encryptinjectioninfo parameter (true/false) in access blocks
of readers.conf to automatically encrypt the posting-host and
posting-account information?
If posting-account is "myuser", nnrpd would then write "U2FsdGVkX1+AIde8W1/6D7PFN0YrP0pekyWK4Vt4qhM=" instead, using the
suggested CBC algorithm:
% echo "myuser" | openssl enc -aes-256-cbc -pbkdf2 -base64 -pass pass:XXX U2FsdGVkX1+AIde8W1/6D7PFN0YrP0pekyWK4Vt4qhM=
Decoding could be done with the following command:
% echo "U2FsdGVkX1+AIde8W1/6D7PFN0YrP0pekyWK4Vt4qhM=" | openssl enc -aes-256-cbc -pbkdf2 -base64 -pass pass:XXX -d
myuser
Any comments about that suggestion?
Would it be useful for news admins?
Any other information that should be obfuscated in header fields?
This sounds like a good idea. The other thing I noticed related to
injection information is that if addinjectionpostinghost is true, the
host is included in the Path header as well. I am primarily concerned
about identifying the authenticated user, so I am fine leaving it set
to false, but obfuscating the posting-host in the Injection-Info header
alone may not be enough for some admins.
Yes, the posting-host information recorded in both Injection-Info and Path header fields should be encrypted. We cannot leave one alone.
Yes, the posting-host information recorded in both Injection-Info and Path >> header fields should be encrypted. We cannot leave one alone.
I'm not sure I'm a big fan of encrypted blobs in the Path header. Is that serving any protocol purpose over simply omitting that information
entirely?
Any other information that should be obfuscated in header fields?
This sounds like a good idea. The other thing I noticed related to injection information is that if addinjectionpostinghost is true, the host is included in the Path header as well. I am primarily concerned about identifying the authenticated user, so I am fine leaving it set to false, but obfuscating the posting-host in the Injection-Info header alone may not be enough for some admins.
I would not use AES-CBC for any new application. It's not authenticated, which opens it to various problems.
AES-CBC-HMAC is better, but it's a
complicated algorithm that's very easy to make mistakes with.
AES-GCM-SIV is probably the most foolproof of readily available encryption algorithms. Unfortunately, it's not supported by openssl enc, and it's a fairly new addition to the OpenSSL libraries. Other good options would be AES-GCM or ChaCha20-Poly1305 (which require unique nonces, but given the volume of a typical INN nnrpd server we can probably get away with random nonces), which have been supported for longer but similarly aren't
supported by openssl enc.
PBKDF2 is also a pretty bad key derivation function. It probably doesn't matter that much, but scrypt or bcrypt would be much better.
Unfortuantely, openssl enc is not a very good tool. :(
how to obfuscate Injection-Info and just use "!.POSTED" (without theposting-host)
how to reject articles containing something in one of their header fields how to reject articles crossposted to x and y
how to...
Hi Russ,
Yes, the posting-host information recorded in both Injection-Info and Path >>> header fields should be encrypted. We cannot leave one alone.
I'm not sure I'm a big fan of encrypted blobs in the Path header. Is that >> serving any protocol purpose over simply omitting that information
entirely?
You're totally right, just removing it from the Path header field is the
best thing to do ("!.POSTED" alone).
some links were given to Albasani's SVN repo, which is offline, and not available via archive.org.
Jesse Rehmer schrieb:
some links were given to Albasani's SVN repo, which is offline, and not
available via archive.org.
The repos seem to be lost in the hardware failure of news.albasani.net. I have a checkout of those repos available, without history, and plan to
bring them online again some day ... as time permits.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 546 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 31:16:39 |
| Calls: | 10,391 |
| Calls today: | 2 |
| Files: | 14,064 |
| Messages: | 6,417,107 |