On Thu, Jul 21, 2016 at 1:34 PM, Selphie Keller <selphie.keller at gmail.com> wrote:> yeah I like this idea, fixes the issue with blowfish hashes and non root > passwords, maybe random delay as the final fall back if no salts/passwords > are found.Well if there are no accounts with a valid salt then there's also no valid account to compare the timing of invalid accounts against. Worst case that'd be DES crypt vs empty password and I'm not sure if you'd be able to pick that out of the background crypto.> Seems rare, but I do have one box that I use ssh keys on and none > of the accounts have a hash set, but I also don't have password auth > enabled.IMO random delays are overrated for mitigating timing attacks; you can look for inconsistent behaviour as the indicator of whatever you're looking for. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
On Thu, Jul 21, 2016 at 1:48 PM, Darren Tucker <dtucker at zip.com.au> wrote: [...]> Well if there are no accounts with a valid salt then there's also no > valid account to compare the timing of invalid accounts against. > Worst case that'd be DES crypt vs empty password and I'm not sure if > you'd be able to pick that out of the background crypto.I just measured the speed of DES crypt on a somewhat elderly 2.1GHz Xeon X3210 at about 7 microseconds. Good luck picking that out of Diffie-Hellman exchange over a network. -- Darren Tucker (dtucker at zip.com.au) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Darren, If you have time could you try the actual tool against the new patch curious to see how it stands up https://github.com/c0r3dump3d/osueta On 20 July 2016 at 22:27, Darren Tucker <dtucker at zip.com.au> wrote:> On Thu, Jul 21, 2016 at 1:48 PM, Darren Tucker <dtucker at zip.com.au> wrote: > [...] > > Well if there are no accounts with a valid salt then there's also no > > valid account to compare the timing of invalid accounts against. > > Worst case that'd be DES crypt vs empty password and I'm not sure if > > you'd be able to pick that out of the background crypto. > > I just measured the speed of DES crypt on a somewhat elderly 2.1GHz > Xeon X3210 at about 7 microseconds. Good luck picking that out of > Diffie-Hellman exchange over a network. > > -- > Darren Tucker (dtucker at zip.com.au) > GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new) > Good judgement comes with experience. Unfortunately, the experience > usually comes from bad judgement. >