From owner-freebsd-security@FreeBSD.ORG Sun Mar 13 21:06:54 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2EE62106566B for ; Sun, 13 Mar 2011 21:06:54 +0000 (UTC) (envelope-from mbox@miguel.ramos.name) Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [IPv6:2607:fe70:0:3::d]) by mx1.freebsd.org (Postfix) with ESMTP id F1A818FC14 for ; Sun, 13 Mar 2011 21:06:53 +0000 (UTC) Received: from smtpauth.rollernet.us (localhost [127.0.0.1]) by smtpauth.rollernet.us (Postfix) with ESMTP id 919EF59400C; Sun, 13 Mar 2011 14:06:41 -0700 (PDT) Received: from w500.local (a83-132-6-167.cpe.netcabo.pt [83.132.6.167]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: @miguel.ramos.name) by smtpauth.rollernet.us (Postfix) with ESMTPSA; Sun, 13 Mar 2011 14:06:40 -0700 (PDT) Received: from w500.local (w500.local [127.0.0.1]) by w500.local (8.14.4/8.14.4) with ESMTP id p2DL6Jlo006072; Sun, 13 Mar 2011 21:06:20 GMT Received: (from miguel@localhost) by w500.local (8.14.4/8.14.4/Submit) id p2DL6Ir9006070; Sun, 13 Mar 2011 21:06:18 GMT X-Authentication-Warning: w500.local: miguel set sender to mbox@miguel.ramos.name using -f From: Miguel Lopes Santos Ramos To: Peter Jeremy In-Reply-To: <20110313204054.GA5392@server.vk2pj.dyndns.org> References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Date: Sun, 13 Mar 2011 21:06:17 +0000 Message-ID: <1300050377.5900.12.camel@w500.local> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 X-Rollernet-Abuse: Processed by Roller Network Mail Services. Contact abuse@rollernet.us to report violations. Abuse policy: http://rollernet.us/abuse.php X-Rollernet-Submit: Submit ID 5712.4d7d31e0.b550c.0 Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2011 21:06:54 -0000 Seg, 2011-03-14 =C3=A0s 07:40 +1100, Peter Jeremy escreveu: > On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos wrote: > >- The objection on S/KEY on that wiki page, that it's possible to > >compute all previous passwords, is a bit odd, since past passwords won't > >be used anymore. >=20 > One weakness of S/KEY and OPIE is that if an attacker finds the > password (response) for sequence N then they can trivially determine > the response for any sequence > N. This could occur if (eg) you have > a printout of OPIE keys and are just crossing them off (which was a > common recommendation prior to smart phones etc) - an attacker just > needs to memorise the lowest N and response. Ok, admittedly, it took me a while to see in what way that could be a weekness. It's a bit like hoping for a little remaining security after the password list was compromised. Personally, I would still prefer OPIE to OTPW. A calculator beats a list (for me). For instance, around here many banks provide little matrix cards from which they then ask for the numbers by row/column for access to some operations on home banking. Now, with banks, physical security matters. What do I do? None of the choices is good: if I hide the card, I can't use it... (obviously I encrypt the content with PGP and destroy the card). So, I think there's an elegance to the S/KEY solution that OTPW doesn't have. --=20 Miguel Ramos PGP A006A14C From owner-freebsd-security@FreeBSD.ORG Sun Mar 13 22:07:30 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CF073106566B for ; Sun, 13 Mar 2011 22:07:30 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from fallbackmx07.syd.optusnet.com.au (fallbackmx07.syd.optusnet.com.au [211.29.132.9]) by mx1.freebsd.org (Postfix) with ESMTP id 419778FC14 for ; Sun, 13 Mar 2011 22:07:29 +0000 (UTC) Received: from mail16.syd.optusnet.com.au (mail16.syd.optusnet.com.au [211.29.132.197]) by fallbackmx07.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id p2DKfNmF004129 for ; Mon, 14 Mar 2011 07:41:23 +1100 Received: from server.vk2pj.dyndns.org (c220-239-116-103.belrs4.nsw.optusnet.com.au [220.239.116.103]) by mail16.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id p2DKfKVQ013772 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 14 Mar 2011 07:41:21 +1100 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.4/8.14.4) with ESMTP id p2DKf2IX064590; Mon, 14 Mar 2011 07:41:02 +1100 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.4/8.14.4/Submit) id p2DKevNi064587; Mon, 14 Mar 2011 07:41:01 +1100 (EST) (envelope-from peter) Date: Mon, 14 Mar 2011 07:40:56 +1100 From: Peter Jeremy To: Miguel Lopes Santos Ramos Message-ID: <20110313204054.GA5392@server.vk2pj.dyndns.org> References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="tKW2IUtsqtDRztdT" Content-Disposition: inline In-Reply-To: <1299798547.20831.59.camel@w500.local> X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.21 (2010-09-15) Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2011 22:07:30 -0000 --tKW2IUtsqtDRztdT Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos wrote: >- The objection on S/KEY on that wiki page, that it's possible to >compute all previous passwords, is a bit odd, since past passwords won't >be used anymore. One weakness of S/KEY and OPIE is that if an attacker finds the password (response) for sequence N then they can trivially determine the response for any sequence > N. This could occur if (eg) you have a printout of OPIE keys and are just crossing them off (which was a common recommendation prior to smart phones etc) - an attacker just needs to memorise the lowest N and response. --=20 Peter Jeremy --tKW2IUtsqtDRztdT Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (FreeBSD) iEYEARECAAYFAk19K9YACgkQ/opHv/APuIcnugCfYPfTapafPzGfhZJGD5eP/Otu k5kAmwWfDI481VUuKfo6LDXin3YsgLF8 =Fo0q -----END PGP SIGNATURE----- --tKW2IUtsqtDRztdT-- From owner-freebsd-security@FreeBSD.ORG Sun Mar 13 22:31:52 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C9528106566B for ; Sun, 13 Mar 2011 22:31:52 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id 5330E8FC13 for ; Sun, 13 Mar 2011 22:31:52 +0000 (UTC) Received: by wwc33 with SMTP id 33so5308006wwc.31 for ; Sun, 13 Mar 2011 15:31:51 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id:in-reply-to :references:x-mailer:mime-version:content-type :content-transfer-encoding; bh=hZ9hOJRFfIUI9a2WbcuIym1IVHFHBlKCx6feraZ2r8Y=; b=RPlXFuvFt4HrO1qxRqKVBSOao9/RNZh7v7MUsCfm8S6+BAf+wUHq5XZSafU3FisxbZ 208b1uxlIImgi31UiKUZUp4rBClGn3Rahh3ddEpjo5IkfaBJnOL9lQssirX8tGsyYnxY P79GNkeVYXYQ3YLe/lLgT5ZKWqFyq9CqiikYI= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=E7r/zBNqasJcP1yK/DhKRLdgS6Ix7TxBzZBf0sH29bGksGakvNoYsAJvjOEX2Pz27E UbfK1mRzQzTsnGNgcPzp96M06kD+vRbjVJrRJ2Yq0clZEeu8+qY2KQaxqYPe52G34AcU mmsB0uufMEECZy/GQEYyqkcELhhNXfQ7pYtCQ= Received: by 10.216.142.230 with SMTP id i80mr5511600wej.1.1300053958014; Sun, 13 Mar 2011 15:05:58 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk [87.194.105.247]) by mx.google.com with ESMTPS id r57sm3484883wes.25.2011.03.13.15.05.55 (version=SSLv3 cipher=OTHER); Sun, 13 Mar 2011 15:05:57 -0700 (PDT) Date: Sun, 13 Mar 2011 22:05:52 +0000 From: RW To: freebsd-security@freebsd.org Message-ID: <20110313220552.5b79de13@gumby.homeunix.com> In-Reply-To: <1300050377.5900.12.camel@w500.local> References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; i386-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Mar 2011 22:31:52 -0000 On Sun, 13 Mar 2011 21:06:17 +0000 Miguel Lopes Santos Ramos wrote: >=20 > Seg, 2011-03-14 =E0s 07:40 +1100, Peter Jeremy escreveu: > > On 2011-Mar-10 23:09:07 +0000, Miguel Lopes Santos Ramos > > wrote: > > >- The objection on S/KEY on that wiki page, that it's possible to > > >compute all previous passwords, is a bit odd, since past passwords > > >won't be used anymore. > >=20 > > One weakness of S/KEY and OPIE is that if an attacker finds the > > password (response) for sequence N then they can trivially determine > > the response for any sequence > N. This could occur if (eg) you > > have a printout of OPIE keys and are just crossing them off (which > > was a common recommendation prior to smart phones etc) - an > > attacker just needs to memorise the lowest N and response. >=20 > Ok, admittedly, it took me a while to see in what way that could be a > weekness. It's a bit like hoping for a little remaining security after > the password list was compromised. It means they can compute keys that they already have on the printout plus obsolete keys. In what sense is that a weakness? IIRC there is/was a weakness in FreeBSD's OPIE implementation in that it's susceptible to rainbow table attacks - I think part of the hash is discarded. From owner-freebsd-security@FreeBSD.ORG Tue Mar 15 10:35:11 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F34DB1065679 for ; Tue, 15 Mar 2011 10:35:11 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id E602A8FC16 for ; Tue, 15 Mar 2011 10:35:07 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id CD30F1FFC34; Tue, 15 Mar 2011 10:35:06 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id A561E844B0; Tue, 15 Mar 2011 11:35:06 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: RW References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> Date: Tue, 15 Mar 2011 11:35:06 +0100 In-Reply-To: <20110313220552.5b79de13@gumby.homeunix.com> (RW's message of "Sun, 13 Mar 2011 22:05:52 +0000") Message-ID: <86ipvky8md.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2011 10:35:12 -0000 RW writes: > IIRC there is/was a weakness in FreeBSD's OPIE implementation in that > it's susceptible to rainbow table attacks - I think part of the hash > is discarded. Can you provide more details? AFAIK, OPIE was written to be 100% compatible with S/Key, so any weakness in OPIE is a design flaw in S/Key which cannot be corrected. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Tue Mar 15 10:43:26 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 95367106564A for ; Tue, 15 Mar 2011 10:43:26 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 4F3FA8FC0C for ; Tue, 15 Mar 2011 10:43:26 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 63B441FFC33; Tue, 15 Mar 2011 10:43:25 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 2CCF1844B0; Tue, 15 Mar 2011 11:43:25 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Miguel Lopes Santos Ramos References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> Date: Tue, 15 Mar 2011 11:43:25 +0100 In-Reply-To: <1300050377.5900.12.camel@w500.local> (Miguel Lopes Santos Ramos's message of "Sun, 13 Mar 2011 21:06:17 +0000") Message-ID: <86ei68y88i.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2011 10:43:26 -0000 Miguel Lopes Santos Ramos writes: > Ok, admittedly, it took me a while to see in what way that could be a > weekness. It's a bit like hoping for a little remaining security after > the password list was compromised. OPIE is not designed to protect against a stolen password list; it is designed to protect against replay attacks. With a key calculator, there is no password list to steal - but you need to make sure that nobody can sniff or shoulder-surf the password you type into the calculator. I know of at least one Java ME key calculator that will run on most Java-enabled smartphones. Unfortunately for Apple otakus, this does not include the iPhone, but the good news is that they can get a real phone for considerably less money. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Tue Mar 15 13:23:05 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 59678106566B for ; Tue, 15 Mar 2011 13:23:05 +0000 (UTC) (envelope-from rwmaillists@googlemail.com) Received: from mail-ww0-f50.google.com (mail-ww0-f50.google.com [74.125.82.50]) by mx1.freebsd.org (Postfix) with ESMTP id D2ED38FC19 for ; Tue, 15 Mar 2011 13:23:04 +0000 (UTC) Received: by wwc33 with SMTP id 33so674018wwc.31 for ; Tue, 15 Mar 2011 06:23:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id:in-reply-to :references:x-mailer:mime-version:content-type :content-transfer-encoding; bh=Gc+1aVU7N+HWKV5RzFddw0pYClgMPtGu9mTfK2Dfx9k=; b=OQuG7gjcnprJz+xHzRy0XPVkwqpQZsWQ4hQ6anXXCFsZcW/i1gQXMiCIn604x0iQv4 Qe3MRbTMw1a5nLRqNwd2Mmg3OovacitI6j5ZPcpvbOMdBiAKz7spI88W0V4twUhOqepR 0BgzrarBv9xVKkQlwhb6APa7zFbRdkaub8Ta4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=googlemail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :mime-version:content-type:content-transfer-encoding; b=RARMDDtZx/6rOAnHuKOhTEu14sCTEMZ//i3rSApifbHWwu6YgxDdz5VlFG/Aoyb6ai y8E5QpshRy3Rzu3U6G34p/ouI4ko4CezKqbfMSZ8pmWZkP4Z6wMLnW6za5UmknawCkMe KmZuizZadwXNA3uo+qZjxkH1HhrHGINjGWkZM= Received: by 10.227.197.210 with SMTP id el18mr5165280wbb.39.1300195383753; Tue, 15 Mar 2011 06:23:03 -0700 (PDT) Received: from gumby.homeunix.com (87-194-105-247.bethere.co.uk [87.194.105.247]) by mx.google.com with ESMTPS id n2sm351272wej.22.2011.03.15.06.23.01 (version=SSLv3 cipher=OTHER); Tue, 15 Mar 2011 06:23:02 -0700 (PDT) Date: Tue, 15 Mar 2011 13:22:58 +0000 From: RW To: freebsd-security@freebsd.org Message-ID: <20110315132258.01b8e976@gumby.homeunix.com> In-Reply-To: <86ipvky8md.fsf@ds4.des.no> References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> <86ipvky8md.fsf@ds4.des.no> X-Mailer: Claws Mail 3.7.8 (GTK+ 2.22.1; i386-portbld-freebsd8.1) Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2011 13:23:05 -0000 On Tue, 15 Mar 2011 11:35:06 +0100 Dag-Erling Sm=F8rgrav wrote: > RW writes: > > IIRC there is/was a weakness in FreeBSD's OPIE implementation in > > that it's susceptible to rainbow table attacks - I think part of > > the hash is discarded. >=20 > Can you provide more details? http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005114.ht= ml From owner-freebsd-security@FreeBSD.ORG Tue Mar 15 21:03:24 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4AF9F106566B for ; Tue, 15 Mar 2011 21:03:24 +0000 (UTC) (envelope-from mbox@miguel.ramos.name) Received: from smtpauth.rollernet.us (smtpauth.rollernet.us [IPv6:2607:fe70:0:3::d]) by mx1.freebsd.org (Postfix) with ESMTP id 1BB478FC1B for ; Tue, 15 Mar 2011 21:03:24 +0000 (UTC) Received: from smtpauth.rollernet.us (localhost [127.0.0.1]) by smtpauth.rollernet.us (Postfix) with ESMTP id D5C92594030; Tue, 15 Mar 2011 14:03:10 -0700 (PDT) Received: from w500.local (a83-132-6-167.cpe.netcabo.pt [83.132.6.167]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: @miguel.ramos.name) by smtpauth.rollernet.us (Postfix) with ESMTPSA; Tue, 15 Mar 2011 14:03:10 -0700 (PDT) Received: from w500.local (w500.local [127.0.0.1]) by w500.local (8.14.4/8.14.4) with ESMTP id p2FL2v9F009115; Tue, 15 Mar 2011 21:02:57 GMT Received: (from miguel@localhost) by w500.local (8.14.4/8.14.4/Submit) id p2FL2vQV009113; Tue, 15 Mar 2011 21:02:57 GMT X-Authentication-Warning: w500.local: miguel set sender to mbox@miguel.ramos.name using -f From: Miguel Lopes Santos Ramos To: RW , Dag-Erling =?ISO-8859-1?Q?Sm=F8rgrav?= In-Reply-To: <20110313220552.5b79de13@gumby.homeunix.com> References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Date: Tue, 15 Mar 2011 21:02:56 +0000 Message-ID: <1300222976.7909.19.camel@w500.local> Mime-Version: 1.0 X-Mailer: Evolution 2.32.2 X-Rollernet-Abuse: Processed by Roller Network Mail Services. Contact abuse@rollernet.us to report violations. Abuse policy: http://rollernet.us/abuse.php X-Rollernet-Submit: Submit ID 63fb.4d7fd40e.73385.0 Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2011 21:03:24 -0000 Dom, 2011-03-13 =C3=A0s 22:05 +0000, RW escreveu: > On Sun, 13 Mar 2011 21:06:17 +0000 > Miguel Lopes Santos Ramos wrote: > > Ok, admittedly, it took me a while to see in what way that could be a > > weekness. It's a bit like hoping for a little remaining security after > > the password list was compromised. >=20 > It means they can compute keys that they already have on the printout > plus obsolete keys. In what sense is that a weakness? Yes, also in my opinion that is not a weakness. I was trying to see the thing through the perspective of those who call it a weakness (it was a reply). Let's call it a non-strongness. The point that I took a while to see and which I think it's the reason why they say it's a weakness, is that if an attacker only came to possess a future password (one with a lower sequence number), then he can trivially compute all previous passwords. This is a non-strongness in the sense that if it weren't so, he might never get a chance of using that password. Ter, 2011-03-15 =C3=A0s 11:43 +0100, Dag-Erling Sm=C3=B8rgrav escreveu: Miguel Lopes Santos Ramos writes: > > Ok, admittedly, it took me a while to see in what way that could be a > > weekness. It's a bit like hoping for a little remaining security after > > the password list was compromised. >=20 > OPIE is not designed to protect against a stolen password list; it is > designed to protect against replay attacks. So I understand. That's why my words were such a faible concession to that point of view. The wikipedia page for OTPW actually states that as a disadvantage of OPIE, making several times the point that OTPW is resistent to the case of a stolen password list. They also make the questionable argument of a paper being more portable than a calculator, which I also understand but don't agree, because a calculator can be "transported" over the Internet easily. I've been using OPIE for several years now, and I don't think OTPW would fit my usage patterns. Sorry for cross-thread posting. --=20 Miguel Ramos PGP A006A14C From owner-freebsd-security@FreeBSD.ORG Tue Mar 15 22:44:31 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B80DB106564A for ; Tue, 15 Mar 2011 22:44:31 +0000 (UTC) (envelope-from simias.n@gmail.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 40EE98FC08 for ; Tue, 15 Mar 2011 22:44:31 +0000 (UTC) Received: by wyf23 with SMTP id 23so1166059wyf.13 for ; Tue, 15 Mar 2011 15:44:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id :mail-followup-to:references:mime-version:content-type :content-disposition:content-transfer-encoding:in-reply-to :user-agent; bh=TaCuErHdB+Hj/GbezKAtdygeZKint80nPmjA5UTNaLI=; b=u29FjzgM5iN2HPaoxWJcpWvL19QxpK9CbgtDfBnsQANzKOzGY2VfgI/UazjWAmnVUK JZYNS/m3ZB6hpjg49AvDJW2JHhxcNNDsD+vAMHe+yGkph5bTozxn1cWzNdjkQ+GXXLj3 mYBO+sBtbptwJt1ASiFh3UEkVVmm3JY6tY0rE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition :content-transfer-encoding:in-reply-to:user-agent; b=vMYNRe9yqj3Vbjn3dJQuevUCDLDJG1NV8RslxzCveGco64KU0cHt25dyGDBZ5Sjbtl S64DXtt/3+YhrQuS3kNC4PU7JAc+dNUYmRyfESYD1hag8K9ygZhMEmZg/elWK3tzVchh YG4BJqacqNQ4Cxw+9UHEyaaRpc9+xEn3ol/rc= Received: by 10.216.142.13 with SMTP id h13mr4238285wej.7.1300229070350; Tue, 15 Mar 2011 15:44:30 -0700 (PDT) Received: from localhost (home.svkt.org [82.243.51.8]) by mx.google.com with ESMTPS id a50sm198537wer.18.2011.03.15.15.44.28 (version=TLSv1/SSLv3 cipher=OTHER); Tue, 15 Mar 2011 15:44:29 -0700 (PDT) Date: Tue, 15 Mar 2011 22:44:27 +0000 From: Lionel Flandrin To: freebsd-security@freebsd.org Message-ID: <20110315224427.GN9421@shame.svkt.org> Mail-Followup-To: freebsd-security@freebsd.org References: <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> <1300222976.7909.19.camel@w500.local> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <1300222976.7909.19.camel@w500.local> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Mar 2011 22:44:31 -0000 On Tue, Mar 15, 2011 at 09:02:56PM +0000, Miguel Lopes Santos Ramos wrote: > > Dom, 2011-03-13 ąs 22:05 +0000, RW escreveu: > > On Sun, 13 Mar 2011 21:06:17 +0000 > > Miguel Lopes Santos Ramos wrote: > > > Ok, admittedly, it took me a while to see in what way that could be a > > > weekness. It's a bit like hoping for a little remaining security after > > > the password list was compromised. > > > > It means they can compute keys that they already have on the printout > > plus obsolete keys. In what sense is that a weakness? > > Yes, also in my opinion that is not a weakness. > I was trying to see the thing through the perspective of those who call > it a weakness (it was a reply). > Let's call it a non-strongness. > > The point that I took a while to see and which I think it's the reason > why they say it's a weakness, is that if an attacker only came to > possess a future password (one with a lower sequence number), then he > can trivially compute all previous passwords. > > This is a non-strongness in the sense that if it weren't so, he might > never get a chance of using that password. > Ter, 2011-03-15 ąs 11:43 +0100, Dag-Erling Smųrgrav escreveu: > Miguel Lopes Santos Ramos writes: > > > Ok, admittedly, it took me a while to see in what way that could be > a > > > weekness. It's a bit like hoping for a little remaining security > after > > > the password list was compromised. > > > > OPIE is not designed to protect against a stolen password list; it is > > designed to protect against replay attacks. > > So I understand. That's why my words were such a faible concession to > that point of view. > > The wikipedia page for OTPW actually states that as a disadvantage of > OPIE, making several times the point that OTPW is resistent to the case > of a stolen password list. > They also make the questionable argument of a paper being more portable > than a calculator, which I also understand but don't agree, because a > calculator can be "transported" over the Internet easily. > > I've been using OPIE for several years now, and I don't think OTPW would > fit my usage patterns. Agreed, I re-read the OTPW page in greater details, I didn't realize in my first read that it generates its password list "at random" and not using a master password. It does make calculators useless and is not what I was looking for. Sorry for not understanding that earlier. Still, some other features of OTPW could be integrated into OPIE's existing S/KEY algorithm, mainly the password prefix (gives me some time to revoke the master password if my cell phone gets stolen) and the locking preventing replay attacks. By reading more about the S/KEY algorithm I see why by design you can compute "higher" responses from any password and why it's clever, so it's probably a good idea not to mess with that; however 64 bits of entropy by password feels a bit short by today's standards. Of course increasing that might mean dropping the word list approach for a more random stream of characters unless you want to type a 50+ char passphrase to log in. > Sorry for cross-thread posting. -- Lionel Flandrin From owner-freebsd-security@FreeBSD.ORG Wed Mar 16 06:52:13 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79485106566B for ; Wed, 16 Mar 2011 06:52:13 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 2FA4F8FC14 for ; Wed, 16 Mar 2011 06:52:12 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 34B3C1FFC58; Wed, 16 Mar 2011 06:52:12 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id DEA768452D; Wed, 16 Mar 2011 07:52:11 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: Miguel Lopes Santos Ramos References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> <1300222976.7909.19.camel@w500.local> Date: Wed, 16 Mar 2011 07:52:11 +0100 In-Reply-To: <1300222976.7909.19.camel@w500.local> (Miguel Lopes Santos Ramos's message of "Tue, 15 Mar 2011 21:02:56 +0000") Message-ID: <86aagvy2uc.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org, RW Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Mar 2011 06:52:13 -0000 Miguel Lopes Santos Ramos writes: > They also make the questionable argument of a paper being more > portable than a calculator, which I also understand but don't agree, > because a calculator can be "transported" over the Internet easily. Perhaps, perhaps not. It depends on how much you trust the browser. However, pretty much everyone these days carries a mobile phone capable of running a key calculator. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Wed Mar 16 07:35:38 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id BBED1106566B for ; Wed, 16 Mar 2011 07:35:38 +0000 (UTC) (envelope-from des@des.no) Received: from smtp.des.no (smtp.des.no [194.63.250.102]) by mx1.freebsd.org (Postfix) with ESMTP id 725168FC0A for ; Wed, 16 Mar 2011 07:35:38 +0000 (UTC) Received: from ds4.des.no (des.no [84.49.246.2]) by smtp.des.no (Postfix) with ESMTP id 4F13B1FFC58; Wed, 16 Mar 2011 07:35:37 +0000 (UTC) Received: by ds4.des.no (Postfix, from userid 1001) id 268F9844B0; Wed, 16 Mar 2011 08:35:37 +0100 (CET) From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= To: RW References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> <86ipvky8md.fsf@ds4.des.no> <20110315132258.01b8e976@gumby.homeunix.com> Date: Wed, 16 Mar 2011 08:35:37 +0100 In-Reply-To: <20110315132258.01b8e976@gumby.homeunix.com> (RW's message of "Tue, 15 Mar 2011 13:22:58 +0000") Message-ID: <8662rjy0ty.fsf@ds4.des.no> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Cc: freebsd-security@freebsd.org Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Mar 2011 07:35:38 -0000 RW writes: > Dag-Erling Sm=C3=B8rgrav writes: > > RW writes: > > > IIRC there is/was a weakness in FreeBSD's OPIE implementation in > > > that it's susceptible to rainbow table attacks - I think part of > > > the hash is discarded. > > Can you provide more details? > http://lists.freebsd.org/pipermail/freebsd-security/2009-February/005114.= html Heh :) My first comment was a reference to the quality of the code, not the design. My second comment is basically the same thing I just said - we cannot change this without breaking compatibility. DES --=20 Dag-Erling Sm=C3=B8rgrav - des@des.no From owner-freebsd-security@FreeBSD.ORG Wed Mar 16 07:43:27 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id C587A106564A for ; Wed, 16 Mar 2011 07:43:27 +0000 (UTC) (envelope-from alexander@leidinger.net) Received: from mail.ebusiness-leidinger.de (mail.ebusiness-leidinger.de [217.11.53.44]) by mx1.freebsd.org (Postfix) with ESMTP id 6DD2C8FC14 for ; Wed, 16 Mar 2011 07:43:27 +0000 (UTC) Received: from outgoing.leidinger.net (p5B15565A.dip.t-dialin.net [91.21.86.90]) by mail.ebusiness-leidinger.de (Postfix) with ESMTPSA id AFDD984400E; Wed, 16 Mar 2011 08:25:10 +0100 (CET) Received: from webmail.leidinger.net (unknown [IPv6:fd73:10c7:2053:1::2:102]) by outgoing.leidinger.net (Postfix) with ESMTP id C221A2D1F; Wed, 16 Mar 2011 08:25:06 +0100 (CET) Received: (from www@localhost) by webmail.leidinger.net (8.14.4/8.13.8/Submit) id p2G7OUHC061647; Wed, 16 Mar 2011 08:24:30 +0100 (CET) (envelope-from Alexander@Leidinger.net) Received: from pslux.ec.europa.eu (pslux.ec.europa.eu [158.169.9.14]) by webmail.leidinger.net (Horde Framework) with HTTP; Wed, 16 Mar 2011 08:24:30 +0100 Message-ID: <20110316082430.55551xliwa7dte4g@webmail.leidinger.net> Date: Wed, 16 Mar 2011 08:24:30 +0100 From: Alexander Leidinger To: Dag-Erling =?utf-8?b?U23Dg8K4cmdyYXY=?= References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> <20110313204054.GA5392@server.vk2pj.dyndns.org> <1300050377.5900.12.camel@w500.local> <20110313220552.5b79de13@gumby.homeunix.com> <1300222976.7909.19.camel@w500.local> <86aagvy2uc.fsf@ds4.des.no> In-Reply-To: <86aagvy2uc.fsf@ds4.des.no> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; DelSp="Yes"; format="flowed" Content-Disposition: inline Content-Transfer-Encoding: quoted-printable User-Agent: Dynamic Internet Messaging Program (DIMP) H3 (1.1.4) X-EBL-MailScanner-Information: Please contact the ISP for more information X-EBL-MailScanner-ID: AFDD984400E.A1024 X-EBL-MailScanner: Found to be clean X-EBL-MailScanner-SpamCheck: not spam, spamhaus-ZEN, SpamAssassin (not cached, score=1.351, required 6, autolearn=disabled, RDNS_NONE 1.27, TW_XM 0.08) X-EBL-MailScanner-SpamScore: s X-EBL-MailScanner-From: alexander@leidinger.net X-EBL-MailScanner-Watermark: 1300865113.54541@xEet2PEJW4vjyWFyQMQUJg X-EBL-Spam-Status: No X-Mailman-Approved-At: Wed, 16 Mar 2011 11:25:25 +0000 Cc: freebsd-security@freebsd.org, Miguel Lopes Santos Ramos , RW Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Mar 2011 07:43:27 -0000 Quoting Dag-Erling Sm=C3=83=C2=B8rgrav (from Wed, 16 Mar 2011 = =20 07:52:11 +0100): > Miguel Lopes Santos Ramos writes: >> They also make the questionable argument of a paper being more >> portable than a calculator, which I also understand but don't agree, >> because a calculator can be "transported" over the Internet easily. > > Perhaps, perhaps not. It depends on how much you trust the browser. > However, pretty much everyone these days carries a mobile phone capable > of running a key calculator. Maybe a little bit unrelated, but: for which kinds of logins do you =20 use OPIE? SSH or generic OS logins are obvious places to use it, but I =20 am more interested in other uses. I already use it in wordpress, but I =20 still search a way to use it for IMAP (there seems to be a protocol =20 enhancement for it, but I didn't find an implementation so far), =20 gallery2 and ejabberd (if xmpp allows something like this) without the =20 need to let them use system users (e.g. the IMAP user/pw are currently =20 in MySQL, the xmpp users are in the ejabberd internal DB, ...). Anyone with ideas regarding this? It would also be nice to hear other possibilities where OPIE can be =20 used (snmp auth?). Bye, Alexander, --=20 Yesterday I was a dog. Today I'm a dog. Tomorrow I'll probably still be a dog. Sigh! There's so little hope for advancement. =09=09-- Snoopy http://www.Leidinger.net Alexander @ Leidinger.net: PGP ID =3D B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID =3D 72077137