PfSense 2.5 will only work with AES-NI capable CPUs
-
So, does "cloud management platform" refer to a public cloud only system or can we install a private cloud instance on-premise?
"The webGUI will be present either on our cloud service or on-device, both talking to the ‘back-end’ on the device…
You answered yourself, the on-premise version is on-device.
If it can be used to control multiple local installations we'll see when it's available. Too much can change until then to make an educated guess today. -
This is a fairly annoying news, since I deployed several pfSense routers on HP MicroServer Gen8 hardware in the last few months, which are based on Celeron G1610T, which does not support AES-NI.
-
I don't think that makes any more sense. Changing the interface isn't a good reason to drop devices without AES-NI.
It's not because they're changing the interface, it's because of how they want to implement their cloud service. It's up to you to decide how well your priorities converge with that.
I'm just considering to get a QOTOM-Q355G4 Core i5 unit , to get starting w. pfSense.
Now i'm a bit worried … Will the new GUI require some kind of access to a "cloud" ?
Did i misunderstand something ??There's no way i'll ever let some external connection (Cloud or other) to be a requirement for running my firewall.
It has to run 100% normal wo. any connections to the internet.Else i just have to continue with my Linux Firewall Builder project , or get a
PIX-506ASA-5506.I dropped the FW-Builder due to pfSense having a nice solution for "It ALL" , FW , IDS ,DHCP etc.
But not for a "Cloud Service" or requirement.REST API's could be cool as SDN will be the future.
Thanx for any info
/Bingo
-
Now i'm a bit worried … Will the new GUI require some kind of access to a "cloud" ?
Did i misunderstand something ??There's no way i'll ever let some external connection (Cloud or other) to be a requirement for running my firewall.
It has to run 100% normal wo. any connections to the internet.From the blog post:
The webGUI will be present either on our cloud service or on-device, both talking to the ‘back-end’ (written in ‘C’) on the device via a RESTCONF interface. This is just as I said back in February 2015.
So no, you shouldn't need need to use the cloud management option. You can instead use the webGUI hosted on the pfSense box itself, just like you do now.
-
We are giving everyone a heads up for almost two years in advance, they will require a CPU from 2011 or newer. When pfSense 2.5 is released, pfSense 2.4 will be supported for another year or so.
To be fair, not all chips released in/after 2011 included AES-NI. The low-power Celerons come to mind.
And some ATOM processors… :-\
Sales Order Date: 1/11/2015 11:46:56 AM
JetWay JNF9B-2700 Intel Atom D2700 2.13GHz Intel N -
The additional clarification from the developers was nice, but I still have some lingering concerns.
First, it appears that the AES side-channel attack (or any other attacks on AES) only matter if you use their cloud management or a VPN. I absolutely understand them wanting to secure their cloud management, so making AES-NI a requirement for that is fine. However, many people would be willing to accept the risk when running a VPN, and many more don't use the VPN at all.
For local management, the only way to see the encrypted data in transit is to be on the local machine, and at that point, you are attacking yourself. Rather than blanket require AES-NI, I think it should only be required for the cloud management (and maybe for VPN usage), since most home use, and even many small businesses, will not be using AES aside from the loopback iface for management.
My other issue is AES-NI is not nearly as common on embedded systems as people here are saying. Sure, if you are using desktop or server hardware for pfSense, you probably already have AES-NI, but if you are using embedded systems for a fanless low-power remote office setup (I have 3 remote sites like this), then AES-NI is not a given.
By way of example, this is the list of Intel processors currently being sold with at least 2 cores and that DON'T have AES-NI: https://ark.intel.com/Search/FeatureFilter?productType=processors&CoreCountMin=2&AESTech=false&FilterCurrentProducts=true
At this time, there are 233 processors on that list. If you restrict yourself to 4+ core processors, there are still 59 actively sold processors without AES-NI! Several of them were launched Q4 of last year, so we aren't just talking old stock laying around.This has hit me particularly, because I very recently purchased Qotom fanless PCs with both the Intel J1900 (4 core, Q4'13) and the Intel 3215U (2 core, Q2'15); both CPU designs are much newer than the AES-NI. Yet, none of my remote sites will be able to upgrade to pfSense 2.5 without new hardware. Since all the remote sites have sub-100Mbps internet, going to a newer CPU will provide no tangible benefit to the users, since I have no plans to use the cloud management features.
I would implore the developers to only require AES-NI if you plan to use one of the features that actually exposes an AES encrypted channel to the internet, such as cloud management or a VPN. And for the VPN, only our security is on the line, so IMO that should be a warning, not a requirement.
-
Didn't they say somewhere on here or on the blog that the reason to require AES-NI was because the workload of implementing future pfSense features was too high of they had to support non AES-NI platforms as well? Or d something along those lines.
Sounds like a smart move to me. I'd rather they make realistic goals that they can continue delivering a solid product on than try to accomplish something they already determined was improbable.
I'm sure a handful of users will leave over this but ultimately it seems like a sound decision based in reality.
-
Didn't they say somewhere on here or on the blog that the reason to require AES-NI was because the workload of implementing future pfSense features was too high of they had to support non AES-NI platforms as well? Or d something along those lines.
Unfortunately, nobody has any clue what that means because they also said they're not rolling their own crypto, and existing crypto libraries already implement a number of different algorithms with side channel resistance. All they've said so far is that that only want to use one particular algorithm out of the set of algorithms available, and they don't want to say more because reasons, which just leaves everyone to speculate. My speculation is that it has something to do with their cloud strategy (though even that doesn't make much sense), but we'll see.
I personally think enabling only one crypto mode with no fallback available to anything else is nuts, but it's not my sandbox.
-
Didn't they say somewhere on here or on the blog that the reason to require AES-NI was because the workload of implementing future pfSense features was too high of they had to support non AES-NI platforms as well? Or d something along those lines.
What they said was this:
With AES you either design, test, and verify a bitslice software implementation, (giving up a lot of performance in the process), leverage hardware offloads, or leave the resulting system open to several known attacks. We have selected the “leverage hardware offloads” path. The other two options are either unthinkable, or involve a lot of effort for diminishing returns.
You might reasonably interpret these sentences as implying that if pfSense didn't simply use AES-NI (and other hardware implementations, like Marvell's CESA), then the pfSense developers would need to implement their own bit-sliced AES implementation.
But, that's not what it means. pfSense should already be running a bit-sliced AES implementation on any CPU that supports SSE3. Why? Because pfSense uses OpenSSL, and OpenSSL uses such an implementation when AES-NI isn't available, but SSE3 is.
That is, unless the pfSense devs disabled it when they built OpenSSL.
-
:'(
sad day for the home users. -
:'(
sad day for the home users.Lol, is it really? Maybe, but no one knows what this even means. This is all just speculation, chill out.
-
Lol, is it really? Maybe, but no one knows what this even means. This is all just speculation, chill out.
Huh? How is an announcement from the developers "just speculation"? What are you saying isn't known?
-
Lol, is it really? Maybe, but no one knows what this even means. This is all just speculation, chill out.
Huh? How is an announcement from the developers "just speculation"? What are you saying isn't known?
What isn't known is the reason behind their decision to require AES-NI.
So, saying that any of this is a "sad day for home users" is speculation. This is just a bunch of people on the internets freaking out over something they can't fully understand yet…
-
What isn't known is the reason behind their decision to require AES-NI.
So, saying that any of this is a "sad day for home users" is speculation. This is just a bunch of people on the internets freaking out over something they can't fully understand yet…
First, the "sad day for home users" comment is presumably a reference to the announcement that the pfSense devs would rather leave behind home users who may have fairly recently bought Atom/Celeron (and even early i3) systems that lack AES-NI, than simply continue to let OpenSSL run with its existing bit-sliced AES implementation. Even if there was a good reason for AES-NI, it still sucks to leave those users behind (at least, from their perspective) instead of implementing some other solution. So, I don't really see the speculation there.
Second, did you see the second blog post? It's fairly detailed about the explanation. I personally don't think it justifies the decision, but it doesn't seem like there are big unknowns.
-
If all peoples, users and customers are spending $2 per year we could have all things we want!
-
(…)
"The webGUI will be present either on our cloud service or on-device, both talking to the ‘back-end’ (written in ‘C’) on the device via a RESTCONF interface."Will this "‘back-end’ (written in ‘C’)" be open source?
I would be interested to know this as well.
-
Lol, is it really? Maybe, but no one knows what this even means. This is all just speculation, chill out.
Huh? How is an announcement from the developers "just speculation"? What are you saying isn't known?
What isn't known is the reason behind their decision to require AES-NI.
So, saying that any of this is a "sad day for home users" is speculation. This is just a bunch of people on the internets freaking out over something they can't fully understand yet…
They specifically associated the rationale with "tens of thousands" of hits on a cloud back end. (Which isn't really that much–so it isn't clear why chacha20 is out, except maybe this is a way to screw with a certain hardware vendor that netgate has made no effort to hide their hostility towards, and who sells a lot of j1900 kit.)
-
They specifically associated the rationale with "tens of thousands" of hits on a cloud back end.
As someone stated on reddit, wouldn't that only the require the cloud server to have AES-NI? Why does the box at the remote location need it, it's not like it's getting hit with tens of thousands of requests.
-
Lol, is it really? Maybe, but no one knows what this even means. This is all just speculation, chill out.
Huh? How is an announcement from the developers "just speculation"? What are you saying isn't known?
What isn't known is the reason behind their decision to require AES-NI.
So, saying that any of this is a "sad day for home users" is speculation. This is just a bunch of people on the internets freaking out over something they can't fully understand yet…
They specifically associated the rationale with "tens of thousands" of hits on a cloud back end. (Which isn't really that much–so it isn't clear why chacha20 is out, except maybe this is a way to screw with a certain hardware vendor that netgate has made no effort to hide their hostility towards, and who sells a lot of j1900 kit.)
ChaCha20 is a marginally-standardized algorithm. It's specified in a purely optional extension to TLS v1.2, and I don't think the algorithm is recognized in any standards outside of IETF. It's a nice algorithm. It doesn't have anything approaching the analysis that's gone into AES, but it's a solid design is almost certainly safe to use. But corporate customers might want to stick to things more broadly accepted.
And, AES still has a performance advantage over ChaCha20 when using AES-NI.
Anyways, performance doesn't appear to be the motivating factor here. Performance considerations may drive them to use AES-NI on Netgate's cloud systems, but I can't imagine that RESTCONF is so chatty that there would be performance issues on the local pfSense boxes (and if it is, then we have bigger problems).
The blog post really focuses on the cache timing attacks.
-
I dig how this "controversy" has started some lively dialogue. They should do this more often.
