From owner-freebsd-security@FreeBSD.ORG Sat Mar 12 12:12:08 2011 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 09C4E1065672 for ; Sat, 12 Mar 2011 12:12:08 +0000 (UTC) (envelope-from simias.n@gmail.com) Received: from mail-wy0-f182.google.com (mail-wy0-f182.google.com [74.125.82.182]) by mx1.freebsd.org (Postfix) with ESMTP id 874AD8FC0C for ; Sat, 12 Mar 2011 12:12:07 +0000 (UTC) Received: by wyf23 with SMTP id 23so3791295wyf.13 for ; Sat, 12 Mar 2011 04:12:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:date:from:to:subject:message-id :mail-followup-to:references:mime-version:content-type :content-disposition:in-reply-to:user-agent; bh=bxQbAp21o0he2+YnfmR7zdpKLJ9tkSf8wiubnaygVPs=; b=BudCRcM66yEFZlY3HFMetmodcaS9Ob1nFaE52jbtrkzyWefkTOP2uAauqs/JjfRZX1 Ajz8ywOvSz8EUQ600Gi9/Aoglwl+km+4rvcOBlmVGkBkGXsXyvCUFzcexjtKkiPW8Qy7 ZBPBH6XsIGdszT8rdWxxu+8JjManngh3VALI4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:mail-followup-to:references :mime-version:content-type:content-disposition:in-reply-to :user-agent; b=v6qkn+kI0t7jEreeN1eWw7en4x3H9PeOig5NHibsn6ait0cXe0aNMs6fscWdH2/Kwe 23X8E0vkipXe3F64UKDHxVCZJ/YB75/cZWKpMCwzIKHpbmO0tf3+DV0yPmfi0Str8UsE EGmDKrRP886EXwIHngRWIlyyLKNy44NCVOIZ4= Received: by 10.216.121.130 with SMTP id r2mr8683236weh.96.1299931926284; Sat, 12 Mar 2011 04:12:06 -0800 (PST) Received: from localhost (home.svkt.org [82.243.51.8]) by mx.google.com with ESMTPS id r57sm2712574wes.25.2011.03.12.04.12.02 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 12 Mar 2011 04:12:03 -0800 (PST) Date: Sat, 12 Mar 2011 12:12:01 +0000 From: Lionel Flandrin To: freebsd-security@freebsd.org Message-ID: <20110312121200.GJ9421@shame.svkt.org> Mail-Followup-To: freebsd-security@freebsd.org References: <1299682310.17149.24.camel@w500.local> <1299769253.20266.23.camel@w500.local> <2E5C0CE8-4F70-4A4D-A91D-3274FD394C80@elvandar.org> <1299784361.18199.4.camel@w500.local> <20110310202653.GG9421@shame.svkt.org> <1299798547.20831.59.camel@w500.local> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="iAzLNm1y1mIRgolD" Content-Disposition: inline In-Reply-To: <1299798547.20831.59.camel@w500.local> User-Agent: Mutt/1.5.21 (2010-09-15) Subject: Re: It's not possible to allow non-OPIE logins only from trusted networks X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 12 Mar 2011 12:12:08 -0000 --iAzLNm1y1mIRgolD Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Mar 10, 2011 at 11:09:07PM +0000, Miguel Lopes Santos Ramos wrote: >=20 > Qui, 2011-03-10 =E0s 20:26 +0000, Lionel Flandrin escreveu: > > On Thu, Mar 10, 2011 at 07:12:41PM +0000, Miguel Lopes Santos Ramos wro= te: > > >=20 > > > Thanks. I'll probably be looking into that sooner or latter. > > >=20 > > > However, OPIE, nobody cares about OPIE? > >=20 > > Hi, > >=20 > > I do care about OPIE, >=20 > Thanks!! >=20 > > but it has many shortcomings arguably more > > critical than the one you're pointing out. What bothers me most is the > > absence of a prefix password and the possibility that someone may > > highjack my session if he's replaying my input and sends the \n before > > I do. See the wikipedia page about OTPW[1] for a more detailed > > explanation about that. OTPW is an alternative to OPIE that aims at > > correcting these issues. >=20 > Well, I had never heard of OTPW, thanks for the pointer. But I'm not > concerned about those problems you mentioned: >=20 > - As to the possibility of someone hijacking my session and sending \n > before I do, I don't care for that because I only use SSH (the same > comment would apply to your solution with https). That problem would be > valid for cleartext sessions not encrypted with a session key. If > someone can hijack my SSH session... hey, then all is lost in any case, > the least I care about then is my password... Even with SSH/HTTPS you're at risk if someone hijacks your session not by man-in-the-middle'ing your network connection but by using a keylogger directly on your guest OS or even on your USB port. > - About prefix passwords, I just gave a quick read on that wikipedia > page, but that seems to me important for the case where you take a list > of passwords with you, and I wouldn't do that. And because OTPW is to be > used like that, I don't think I would use it. I use OPIE when I have no > other solution, I didn't take anything with me. At any moment, I > download an OTP calculator and log in. If I'm supposed to carry > anything, I'll prefer to carry an SSH key, a lot safer. Well I use my cell phone to calculate the OTP, but right now I have the passphrase stored on my cell phone (because it's a pain to type a complex passphrase on these devices for me) so I'd like to have an other, shorter and less secure prefix password that would just give me some time to reset the main passphrase if my phone gets stolen. By the way, I'm working on a dirty hack right now that would in effect give me that: I plan to modify the OTP calculator I use so that it would save only a portion of the passphrase, and I would have to enter the last few characters (say, a 4 digit PIN-like code) by hand each time. This way I can have a complex non-bruteforceable passphrase that I can store on my trusted cellphone plus something that protects me for a while if my cellphone gets stolen. It's still a dirty hack tho. > - The objection on S/KEY on that wiki page, that it's possible to > compute all previous passwords, is a bit odd, since past passwords won't > be used anymore. Yeah, that's a bit contrived, I guess it's only dangerous if you print a list of passwords and for some reason the last ones of them get compromised. > - That S/KEY uses small english words actually helps a lot. > >=20 > > I'd try to install and configure OTPW on my server to replace OPIE, > > but it's not in the ports and I don't know PAM well enough to try and > > mess with it, I would probably end up opening more security holes than > > I'm fixing. > >=20 > > Since these days many of us use cell phones where it's easy to write > > and distribute challenge/response generators I don't understand why > > there seems to be so little interest in developing and improving one > > time passwords solutions (including for websites, I wonder how many > > facebook/twitter/whatever accounts I could steal by putting keyloggers > > in an internet cafe). >=20 > One time passwords made the most sense with insecure connections. Over a > secure session, such as ssh or https, in principle, a strong password is > just as strong. One time passwords add no security if in the end all > amounts to a brute force attack. Again, encryption will not stop a keylogger on an untrusted computer. Everything is still clear text until it's written into the SSL/SSH socket. And it's not exactly difficult or super expensive to install: http://www.amazon.com/dp/B004IA69YE =20 > However, to me, in practice, they do add security, because: > - One time passwords lead to a larger search space, unless when compared > to random passwords. Random passwords however end up having to be > written in something that must be carried. > - Obviously, it's an additional layer of security that the attacker > would have to be aware of (even though this counts as zero). > - One time passwords don't get compromised as easily, because you would > have to be really foolish to use your passphrase anywhere else or write > it down. >=20 >=20 > So, it really is questionable if they are any better in the world of > encrypted connections. >=20 >=20 > > I would gladly look into it myself but the subject is so security > > critical that I'm a little put off. If one of you knows of a project > > working on improving or replacing OPIE, I would gladly look into it > > and try to contribute if I can. Maybe this project _is_ OTPW? Why > > isn't it in the ports yet when the Wikipedia article claims it > > supports FreeBSD? Has anyone here tried it? > >=20 > > As for OpenVPN, it is a really good piece of software and you should > > have a look at it, but I can imagine scenarios where a one time > > password would be better suited than a complete VPN setup (For > > instance I use OPIE and shellinabox[2] over HTTPS to connect to my > > server from anywhere I can find a web browser, no need to install any > > additional software). > >=20 > > [1] https://secure.wikimedia.org/wikipedia/en/wiki/OTPW > > [2] https://code.google.com/p/shellinabox/ > >=20 > > Cheers, >=20 >=20 > Thanks for the pointers. That shellinabox is really cool. > However, to me it's a lot easier to setup OpenSSH than it is to setup an > https web server. I don't mind having to install PuTTY or FileZilla once > a week, I already can navigate Simon Tatham's home page blindfolded. >=20 > Regards, >=20 > --=20 > Miguel Ramos > PGP A006A14C --=20 Lionel Flandrin --iAzLNm1y1mIRgolD Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) iEYEAREKAAYFAk17YxAACgkQlfFEoIrYgB3wqwCfdZmPDyH4z3xcZfSTeh+AVLfJ mcoAn1QoHoN7RqKsGqYX8Bax/yybiQxB =vyN4 -----END PGP SIGNATURE----- --iAzLNm1y1mIRgolD--