From owner-freebsd-security@FreeBSD.ORG Mon Feb 9 11:25:21 2009
From: Dag-Erling Smørgrav
To: Benjamin Lutz
Cc: freebsd-security@freebsd.org
Date: Mon, 09 Feb 2009 12:09:59 +0100
Subject: Re: OPIE considered insecure
Message-ID: <86r627988o.fsf@ds4.des.no>
In-Reply-To: <200902090957.27318.mail@maxlor.com> (Benjamin Lutz's message of "Mon, 9 Feb 2009 09:57:27 +0100")
References: <200902090957.27318.mail@maxlor.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.0.60 (berkeley-unix)

Benjamin Lutz writes:
> I was a bit shocked to find out that OPIE truncates all digests to 64 bits,
> no matter which algorithm you use. Some quick research into the current
> speed of MD5 brute-forcing produced this result:
> [...]
> So, is there an existing alternative one time password implementation that
> works on FreeBSD? Also, as a suggestion to the security team, maybe it's
> time to deprecate or remove OPIE?
Our current OPIE implementation is a piece of crap. Feel free to suggest (or write) a replacement.

That being said, there is no reason why OPIE challenges and responses can't be extended to 128 bits or more. The only downside is that users won't be able to use existing key calculators; they'll have to use pre-generated response sheets.

DES

-- 
Dag-Erling Smørgrav - des@des.no
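As an added illustration (not code from OPIE, FreeBSD or anyone in this thread) of the mechanism the two messages discuss: the RFC 2289 S/Key-style hash chain with MD5 folded to 64 bits, beside a hypothetical variant that keeps the full 128-bit digest as the reply proposes. The verifier logic is identical in both cases; only the width of the stored value (and hence the brute-force search space) changes. The names `fold64_md5`, `no_fold`, `otp_chain`, `OtpVerifier` and `demo`, and the seed and passphrase values, are my own choices for this example.

```python
import hashlib
from typing import Callable

Fold = Callable[[bytes], bytes]

def fold64_md5(digest: bytes) -> bytes:
    """RFC 2289 folding step for MD5: XOR the two 64-bit halves of the
    16-byte digest, giving the 64-bit value that OPIE actually stores."""
    if len(digest) != 16:
        raise ValueError("MD5 digest expected")
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def no_fold(digest: bytes) -> bytes:
    """Hypothetical extension: keep all 128 bits (not what OPIE does)."""
    return digest

def otp_step(prev: bytes, fold: Fold) -> bytes:
    """One computation step: hash the previous value and fold it."""
    return fold(hashlib.md5(prev).digest())

def otp_chain(seed: str, passphrase: str, count: int, fold: Fold) -> bytes:
    """Response for sequence number `count`: initial step over seed+passphrase
    (the seed is case-insensitive in RFC 2289), then `count` computation steps."""
    state = fold(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    for _ in range(count):
        state = otp_step(state, fold)
    return state

class OtpVerifier:
    """Server side: stores only the last accepted response and its sequence
    number. A login is accepted when hashing the offered response reproduces
    the stored value, so the passphrase never has to live on the server."""
    def __init__(self, stored: bytes, count: int, fold: Fold):
        self.stored, self.count, self.fold = stored, count, fold

    def verify(self, response: bytes) -> bool:
        if self.count <= 0 or otp_step(response, self.fold) != self.stored:
            return False
        self.stored, self.count = response, self.count - 1  # advance the chain
        return True

def demo(fold: Fold, count: int = 5) -> tuple:
    """Constructed sample: enrol with sequence `count`, log in with the next
    lower sequence, then replay it; returns (accepted, replay_rejected, bits)."""
    seed, passphrase = "ab1234", "correct horse battery"  # constructed values
    server = OtpVerifier(otp_chain(seed, passphrase, count, fold), count, fold)
    first = server.verify(otp_chain(seed, passphrase, count - 1, fold))
    replay = server.verify(otp_chain(seed, passphrase, count - 1, fold))
    return first, not replay, len(server.stored) * 8
```

Switching the fold function is the only change needed to move from a 64-bit to a 128-bit chain, which is why the reply calls the extension easy; the cost is that hardware and software key calculators built for the 64-bit fold no longer produce matching responses.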