Date: Tue, 23 Apr 2002 18:40:05 +0200 From: Bjoern Fischer <bfischer@Techfak.Uni-Bielefeld.DE> To: Jordan Hubbard <jkh@winston.freebsd.org> Cc: hackers@FreeBSD.ORG Subject: OT: Better fake challenges [Re: ssh + compiled-in SKEY support considered harmful?] Message-ID: <20020423164005.GB258@frolic.no-support.loc> In-Reply-To: <200204230039.g3N0dQ8i011313@winston.freebsd.org> References: <200204230039.g3N0dQ8i011313@winston.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello,
> jhubbard@wafer-> ssh jkh@winston.freebsd.org
> otp-md5 114 wi7854 ext
> S/Key Password:
> otp-md5 117 wi5044 ext
> S/Key Password:
> otp-md5 397 wi0652 ext
> S/Key Password:
> jkh@winston.freebsd.org's password:
If anyone is concerned about revealing too much information on
valid/invalid OTP login names through S/Key or OPIE fake challanges,
here is a proof of concept of a much better stateless fake challenge
generator. It shouldn't be possible to distuingish valid from invalid
OTP login names by just giving a few login attempts. It would not
last a statistical analysis, but that many failed login attempts
should show up in the logs and raise an alert condition.
-Björn
===========================================
#!/usr/bin/perl -w
#
# It should not be important to have two distinct secrets
#
my $secret1 = "Soylent Green is human!";
my $secret2 = "Komm suesser Tod (BWV 471)";
#
# The sequence number should not drop beyond 3, since the user needs
# a sequence number to reset the counter.
#
my $init_seq = 499;
my $min_seq = 2;
my $max_seq = $init_seq - $min_seq;
#
# get_fake_challenge(const char *login, time_t esec)
#
# This subroutine computes a sufficiently good fake sequence
# for a given login name and a date.
#
sub get_fake_challenge {
my ($login, $esec) = @_;
#
# Assuming, a user logs in a few times a day, we have to use a login
# schedule, that is constant (but different) for each user.
#
my $lognums = 2 + (hex substr(`md5 -q -s "$login$secret1"`, 0, 1)) % 7;
my $delta = int (($esec / ((24 * 60 * 60) / $lognums)) / $max_seq);
#
# Compute seed and sequence number
#
my $seed = `md5 -q -s "$delta$login$secret2"`;
chomp $seed;
my $seq = $init_seq -
((int ($esec / ((24 * 60 * 60) / $lognums))) % $max_seq);
return ($seq, $seed);
}
#
# testcase
#
my $testlogin = "nouser";
$i = 1;
for ($date = 1016265366; $date < 1226000000; $date += 1) {
($seq, $seed) = get_fake_challenge ("nouser", $date);
($sec, $min, $hour, $mday, $mon, $year, $wday, $yday, $isdst) =
localtime($date);
printf ("%02u.%02u.%04u %02u:%02u:%02u (%03u, %s)\n",
$mday+1, $mon, $year+1900, $hour, $min, $sec, $seq, $seed);
if (!($i++ % 40)) {
$i = 1;
print "Press [RETURN].";
<>;
}
}
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423164005.GB258>