Date: Mon, 9 Feb 2009 09:57:27 +0100 From: Benjamin Lutz <mail@maxlor.com> To: freebsd-security@freebsd.org Subject: OPIE considered insecure Message-ID: <200902090957.27318.mail@maxlor.com>
next in thread | raw e-mail | index | archive | help
Hello, I run a firewall where I use OPIE one time passwords for external logins, figuring that this gives me some added protections if I ever need to access it from untrustworthy hosts. A message about the weakness of MD5 got me thinking that maybe a better algorithm could be used for OPIE, and I was delighted to see that some clever hacked has added SHA-1 support to it (although it's a bit under-documented). Then I noticed that the one time passwords don't increase in length with SHA-1. That's weird, since MD5 produces 128bit digests, while SHA-1 produces 160bit digests. So I had a closer look at how the one time passwords are used with in OPIE. I was a bit shocked to find out that OPIE truncates all digests to 64 bits, no matter which algorithm you use. Some quick research into the current speed of MD5 brute-forcing produced this result: http://img519.imageshack.us/my.php?image=eightni6.jpg This ^ was produced on a quad core machine with 4 eVGA 9800GX2 graphics cards, i.e. a top end gaming machine; it can calculate 3611.81 million md5 hashes per second. Using that machine and that speed as a baseline, it's possible to produce a rainbow table with all hashes that OPIE is ever going to use and produce within 16 years. If you can live with a thinned out rainbow table (say, because you can the observe the user enter 8 passwords), and your budget allows a small cluster of these machines, you quickly get into the range of months. Add a few iterations of moore's law... well, you get the point. So, is there an existing alternative one time password implementation that works on FreeBSD? Also, as a suggestion to the security team, maybe it's time to deprecate or remove OPIE? Cheers Benjamin
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200902090957.27318.mail>