From owner-freebsd-security Sat Dec 14 23:14:58 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id XAA27857 for security-outgoing; Sat, 14 Dec 1996 23:14:58 -0800 (PST) Received: from profane.iq.org (profane.iq.org [203.4.184.217]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id XAA27833; Sat, 14 Dec 1996 23:14:45 -0800 (PST) Received: (from proff@localhost) by profane.iq.org (8.8.4/8.8.2) id SAA05070; Sat, 14 Dec 1996 18:24:38 +1100 (EST) From: Julian Assange Message-Id: <199612140724.SAA05070@profane.iq.org> Subject: Re: vulnerability in new pw suite In-Reply-To: from "[______ ______, Andrey Chernov]" at "Dec 14, 96 04:51:08 pm" To: ache@nagual.ru (=?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7=2C_Andrey_Chernov?=) Date: Sat, 14 Dec 1996 18:24:38 +1100 (EST) Cc: security@freebsd.org, hackers@freebsd.org X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk > On Sat, 14 Dec 1996, Julian Assange wrote: > > > The FreeBSD account administration pw suite is able to produce > > "random" passwords for new accounts. Due to the simplicity of the > > password generation algorithm involved, the passwords are easily > > predictable amid a particular range of possibilities. This range > > may be very narrow, depending on what sort of information is > > available to the attacker. > > I agree on this subj. but I wonder about method you use, it > is unnecessary complex, reading /dev/urandom will be enough > without MD5 hashing. /dev/urandom not optional device, so > if it isn't exists or not give enough bytes it must be > detected as program failure and not covered by MD5 workaround. > -- > Andrey A. Chernov I thought it was optional, a check of this shows you are right. Still, it is possible that David is using pw(8) on more platforms than FreeBSD. As for the password length issue, known password length is only an issue with dictionary passwords, as length l-1 is always many times easier to check than length l, so any such checking algorithm always starts at the smallest length and works up. The worst case (security wise) senario only gains the attacker 1/n comparisons, such that n is the number of potential characters selectable for any given character position. i.e 1/n < 1/26 -Julian A. (proff@suburbia.net)