Date: Mon, 9 Feb 2009 18:05:50 +0100 From: Daniel Roethlisberger <daniel@roe.ch> To: freebsd-security@freebsd.org Subject: Re: OPIE considered insecure Message-ID: <20090209170550.GA60223@hobbes.ustdmz.roe.ch> In-Reply-To: <200902090957.27318.mail@maxlor.com> References: <200902090957.27318.mail@maxlor.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Benjamin Lutz <mail@maxlor.com> 2009-02-09: [...] > Then I noticed that the one time passwords don't increase in > length with SHA-1. That's weird, since MD5 produces 128bit > digests, while SHA-1 produces 160bit digests. So I had a closer > look at how the one time passwords are used with in OPIE. > > I was a bit shocked to find out that OPIE truncates all digests > to 64 bits, no matter which algorithm you use. Some quick > research into the current speed of MD5 brute-forcing produced > this result: > > http://img519.imageshack.us/my.php?image=eightni6.jpg > > This ^ was produced on a quad core machine with 4 eVGA 9800GX2 > graphics cards, i.e. a top end gaming machine; it can calculate > 3611.81 million md5 hashes per second. Using that machine and > that speed as a baseline, it's possible to produce a rainbow > table with all hashes that OPIE is ever going to use and > produce within 16 years. If you can live with a thinned out > rainbow table (say, because you can the observe the user enter > 8 passwords), and your budget allows a small cluster of these > machines, you quickly get into the range of months. Add a few > iterations of moore's law... well, you get the point. > > So, is there an existing alternative one time password > implementation that works on FreeBSD? Also, as a suggestion to > the security team, maybe it's time to deprecate or remove OPIE? While I agree that OPIE can be improved, I think that the current OPIE implementation is still much better than having to use passwords from untrusted machines. I also prefer current OPIE to copying SSH private keys to untrusted machines. So until there is a more secure alternative, I really don't think removing OPIE would have a positive effect on security. -- Daniel Roethlisberger http://daniel.roe.ch/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090209170550.GA60223>