Displaying 4 results from an estimated 4 matches for "selphi".
Did you mean:
delphi
2016 Jul 21
3
Openssh use enumeration
On Thu, Jul 21, 2016 at 12:31 PM, Selphie Keller
<selphie.keller at gmail.com> wrote:
> Ahh i see, just got up to speed on the issue, so seems like the issue is
> related to blowfish being faster then sha family hashing for longer length
> passwords,
or the system's crypt() not understanding $2a$ -style salts, which
mo...
2016 Jul 21
2
Openssh use enumeration
I thought this was already addressed with the internal blowfish hash of
"$2a$06$r3.juUaHZDlIbQaO2dS9FuYxL1W9M81R1Tc92PoSNmzvpEqLkLGrK" to where all
passwords were checked against this to prevent timing analysis for user
enumeration.
On 20 July 2016 at 19:45, Darren Tucker <dtucker at zip.com.au> wrote:
> On Tue, Jul 19, 2016 at 11:10 PM, C0r3dump3d <coredump at
2016 Jul 21
4
Openssh use enumeration
On Wed, Jul 20, 2016 at 09:02:57PM -0600, Selphie Keller wrote:
> I wonder if could be useful to set the fall back account to something user
> defined to avoid suggesting people add passwords to root, though I do like
> root since the account is always there,
Since committing that diff I've heard of people running in production
with...
2016 Jul 21
2
Openssh use enumeration
On Thu, Jul 21, 2016 at 1:34 PM, Selphie Keller
<selphie.keller at gmail.com> wrote:
> yeah I like this idea, fixes the issue with blowfish hashes and non root
> passwords, maybe random delay as the final fall back if no salts/passwords
> are found.
Well if there are no accounts with a valid salt then there's also no...