Date:      Thu, 28 Jan 2010 15:11:32 -0800 (PST)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        freebsd-security@freebsd.org
Subject:   Re: PHK's MD5 might not be slow enough anymore
Message-ID:  <201001282311.o0SNBWp4003678@apollo.backplane.com>
References:  <20100128182413.GI892@noncombatant.org> <9d972bed1001281324r29b4b93bw9ec5bc522d0e2764@mail.gmail.com> <20100128224022.396588dc@gumby.homeunix.com>

    Just give up and turn off tunneled plaintext passwords over the
    network.  No (non-kerberos) telnetd, rlogind, (non anonymous) ftpd, etc.
    Just run sshd and put this in your sshd_config:

	# To disable tunneled clear text passwords, change to no here!
	PasswordAuthentication no

    Local passwords can still be used for things like a (restricted) sudo,
    console root logins, and X/xdm.  Disallowing remote passworded logins
    removes the primary attack vector, which is over the network.

    You'd probably want to adjust /etc/login.access too since for
    some reason beyond my comprehension /usr/bin/login can be run from
    pty's to cross-login locally (with a password).

    So even if the attacker knows the password he is SOL without physical
    access.

    --

    The problem with stolen master.passwd files is that you often don't
    know the file has been stolen until the hacker actually starts using
    the compromised accounts.  In other words, the hacker has as much time
    as he wants to break the file before having to worry about someone
    reacting to it.  This makes the concept of multiplying the analysis
    cost almost completely worthless above and beyond everything else
    mentioned.

    Mostly these protections against stolen master.passwd files aren't
    so much to protect the machine against being hacked (since it was
    hacked already to get the file in the first place), but instead to
    reduce the work involved when cleaning up after a hack incident.
    It's best to limit the damage by making the stolen file simply not
    be useful to a remote attacker.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
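
Added example (not part of the original message): a shell function that checks sshd_config text for remaining password login paths, following the `PasswordAuthentication no` advice above. It goes a little beyond the message by also counting keyboard-interactive (PAM) logins and `Match` overrides as password paths; the function names, the sample config and the 192.0.2.0/24 address are constructed, and `Include` files are not followed.

```sh
#!/bin/sh
# Added example: decide from sshd_config text whether password logins remain.
# Assumptions: no Include files; keyboard-interactive counts as a password
# path (it is one when PAM prompts for the account password).

audit_sshd_passwords() {   # reads the files given as arguments, or stdin
    awk '
    BEGIN {   # OpenSSH defaults when a keyword is absent
        val["passwordauthentication"] = "yes"
        val["kbdinteractiveauthentication"] = "yes"
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }       # comment or blank line
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        sub(/[ \t]*=[ \t]*/, " ", line)     # accept "Keyword=value"
        split(line, f, /[ \t]+/)
        key = tolower(f[1]); v = tolower(f[2])
        if (key == "challengeresponseauthentication")   # deprecated alias
            key = "kbdinteractiveauthentication"
        if (key == "match") { in_match = 1; next }
        if (!(key in val)) next
        if (in_match) { if (v == "yes") match_yes = 1; next }
        if (!(key in seen)) { seen[key] = 1; val[key] = v }   # first value wins
    }
    END {
        for (k in val) printf "%s %s\n", k, val[k]
        if (match_yes) print "a Match block re-enables password logins"
        bad = (val["passwordauthentication"] == "yes" ||
               val["kbdinteractiveauthentication"] == "yes" || match_yes)
        exit bad
    }' "$@"
}

sample_config() {   # constructed input, not taken from any real host
    cat <<'EOF'
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
#KbdInteractiveAuthentication yes
UsePAM yes
Match Address 192.0.2.0/24
    PasswordAuthentication yes
EOF
}

# Demo on the constructed sample; exit status 1 means a password path remains.
sample_config | audit_sshd_passwords || echo "RESULT: password logins still possible"
```

On a real host, pass the path to the live file as the argument, for example `audit_sshd_passwords /etc/ssh/sshd_config`.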