Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <alpine.BSO.2.21.1808261758080.76507@haru.mindrot.org>
Date: Sun, 26 Aug 2018 18:04:50 +1000 (AEST)
From: Damien Miller <djm@...drot.org>
To: oss-security@...ts.openwall.com
Subject: Re: About OpenSSH "user enumeration" /
 CVE-2018-15473

On Sat, 25 Aug 2018, Solar Designer wrote:

> This could mean an extra getpwnam(3) call, which is a slightly greater
> timing leak than what's present in one call. That may be further
> mitigated by always doing two calls. Of course, this won't be anywhere
> near timing-safe anyway.
>
> Now, it can be tricky to pick a specific fallback username in
> OpenSSH-portable that we'd be OK with all non-existent usernames to
> behave similarly to. "root" may somewhat likely have unusual password
> hash (like it historically did on OpenBSD); "nobody" likely has its
> password locked (but maybe that's OK - it is in fact common for SSH
> users to have only public keys setup, and no passwords). Maybe there
> should be a way to override this dummy username in sshd_config.

That sounds like a fair amount of complexity in return for scant
benefit: at best you dodge a few (IMO uninteresting) bugs, but now you
are guaranteed to have all your authz code exposed to a the attacker.

Moreover, using a "real fake" account gives a timing / system behaviour
baseline too. It might be harder to discern, but techniques for making
remote observations of subtle system side-channels are scarily well-
developed, and I'm sure that it would be pretty easy to spot if people
applied them.

-d

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.