From owner-freebsd-hackers Tue Apr 23 9:42:42 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mailout03.sul.t-online.com (mailout03.sul.t-online.com [194.25.134.81]) by hub.freebsd.org (Postfix) with ESMTP id EB43A37B416 for ; Tue, 23 Apr 2002 09:42:32 -0700 (PDT) Received: from fwd06.sul.t-online.de by mailout03.sul.t-online.com with smtp id 1703N8-0002aY-0E; Tue, 23 Apr 2002 18:42:30 +0200 Received: from frolic.no-support.loc (520094253176-0001@[80.130.207.226]) by fmrl06.sul.t-online.com with esmtp id 1703Mk-05vvRAC; Tue, 23 Apr 2002 18:42:06 +0200 Received: (from bjoern@localhost) by frolic.no-support.loc (8.11.6/8.9.3) id g3NGe5v00813; Tue, 23 Apr 2002 18:40:05 +0200 (CEST) (envelope-from bjoern) From: Bjoern Fischer Date: Tue, 23 Apr 2002 18:40:05 +0200 To: Jordan Hubbard Cc: hackers@FreeBSD.ORG Subject: OT: Better fake challenges [Re: ssh + compiled-in SKEY support considered harmful?] Message-ID: <20020423164005.GB258@frolic.no-support.loc> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable In-Reply-To: <200204230039.g3N0dQ8i011313@winston.freebsd.org> User-Agent: Mutt/1.3.25i X-Sender: 520094253176-0001@t-dialin.net Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Hello, > jhubbard@wafer-> ssh jkh@winston.freebsd.org > otp-md5 114 wi7854 ext > S/Key Password:=20 > otp-md5 117 wi5044 ext > S/Key Password:=20 > otp-md5 397 wi0652 ext > S/Key Password:=20 > jkh@winston.freebsd.org's password:=20 If anyone is concerned about revealing too much information on valid/invalid OTP login names through S/Key or OPIE fake challanges, here is a proof of concept of a much better stateless fake challenge generator. It shouldn't be possible to distuingish valid from invalid OTP login names by just giving a few login attempts. It would not last a statistical analysis, but that many failed login attempts should show up in the logs and raise an alert condition. -Bj=F6rn =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D #!/usr/bin/perl -w # # It should not be important to have two distinct secrets # my $secret1 =3D "Soylent Green is human!"; my $secret2 =3D "Komm suesser Tod (BWV 471)"; # # The sequence number should not drop beyond 3, since the user needs # a sequence number to reset the counter. # my $init_seq =3D 499; my $min_seq =3D 2; my $max_seq =3D $init_seq - $min_seq; # # get_fake_challenge(const char *login, time_t esec) # # This subroutine computes a sufficiently good fake sequence # for a given login name and a date. # sub get_fake_challenge { my ($login, $esec) =3D @_; # # Assuming, a user logs in a few times a day, we have to use a login # schedule, that is constant (but different) for each user. # my $lognums =3D 2 + (hex substr(`md5 -q -s "$login$secret1"`, 0, 1)) % 7; my $delta =3D int (($esec / ((24 * 60 * 60) / $lognums)) / $max_seq); # # Compute seed and sequence number # my $seed =3D `md5 -q -s "$delta$login$secret2"`; chomp $seed; my $seq =3D $init_seq - ((int ($esec / ((24 * 60 * 60) / $lognums))) % $max_seq); return ($seq, $seed); } # # testcase # my $testlogin =3D "nouser"; $i =3D 1; for ($date =3D 1016265366; $date < 1226000000; $date +=3D 1) { ($seq, $seed) =3D get_fake_challenge ("nouser", $date); ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =3D localtime($date); printf ("%02u.%02u.%04u %02u:%02u:%02u (%03u, %s)\n", $mday+1, $mon, $year+1900, $hour, $min, $sec, $seq, $seed); if (!($i++ % 40)) { $i =3D 1; print "Press [RETURN]."; <>; } } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message