Bugtraq mailing list archives
Re: OpenSSH & S/Key information leakage
From: Robert Bihlmeyer <robbe () orcus priv at>
Date: 16 Nov 2001 11:31:17 +0100
flaps () dgp toronto edu (Alan J Rosenthal) writes: [quote reordered & trimmed]
A login prompt for a non-account looks like this: login: flomp otp-md5 175 at2078 ext Response: So far, so good. But press return once or twice to get "Login incorrect" (or make a new conection), and then do login: flomp otp-md5 220 at0624 ext Response:
Oops. But if a system mandated a common seed for all accounts (one that changes regularly) all login attempts will show that. For the sequence number, the fake response could use a number that is dependent on the login name and the seed, e.g. the lower bits of MD5(login + seed + host-secret) Would using the same seed for all (real) accounts lose us security? My intuition is no, but this needs to be thought over more.
If OPIE didn't tell you the password number, for example, it would be quite hard to use.
You can keep the last used number on a slip of paper in your wallet (according to one's threat model and set-up keeping the OTPs there as well may be appropriate). Logged-in users can query their seq#, if they are in doubt. The login process can also tell you the current number if you try to use an older OTP. This does not affect security, because an attacker that knows an older OTP obviously has snooped on a previous successful login attempt and thus knows that this account exists. -- Robbe
Attachment:
signature.ng
Description:
Current thread:
- OpenSSH & S/Key information leakage Joel Maslak (Nov 12)
- Re: OpenSSH & S/Key information leakage Markus Friedl (Nov 13)
- <Possible follow-ups>
- Re: OpenSSH & S/Key information leakage Alan J Rosenthal (Nov 15)
- Re: OpenSSH & S/Key information leakage Robert Bihlmeyer (Nov 19)
- Re: OpenSSH & S/Key information leakage Pavel Kankovsky (Nov 19)