Firewall Wizards mailing list archives
Re: Lotus Domino as an access control to internal network
From: Aleph One <aleph1 () dfw net>
Date: Fri, 6 Mar 1998 13:11:48 -0600 (CST)
On Fri, 6 Mar 1998, Rik Farrow wrote:
I am talking about using Notes as an agent for guessing a user's password, and suggesting that this password will also be used anywhere the user has access within an organization: terminal servers, not connected to the Domino server, other servers such as Netware or NT servers. Notes makes a dandy and practically undetectable mechanism for password guessing, and the password guessed very likely will be in use elsewhere.
I see where you're coming from now. Do note that there is no way for Notes to prevent this. Even if the Notes client or server software tracked bad login attempts and disabled accounts when a threshold is reached, the attacker could write custom software that attempted to guess the password off-line, as long as he has the USER.ID file and he can recognize when the USER.ID file has been decrypted correctly. This is a feature of all applications and protocols that use passwords to protect secret keys. The same thing applies to your web-based certificates and other such instruments, as Peter Gutmann's work in cracking Internet Explorer PKCS-12 key files shows.

It goes even deeper than that. You can crack off-line c/r protocols such as Microsoft's (see L0phtcrack), Kerberos's encrypted tickets, or even standard Unix passwords. The similarity between all these cases is that the attacker has enough information (either the encrypted ticket, encrypted certificate, the challenge response, the password hash, etc.) to mount an off-line attack and verify when the attack has succeeded.

The only reason that Notes is more tempting for an attacker to brute force in your example is because you are assuming that the attacker has obtained access to the USER.ID file, but to obtain that file you must also assume that the attacker has gotten access to the user's laptop, at which point he can just as easily access the .PWL files (in Windows 95's case) or the SAM database (in Windows NT's case), both of which you can attack by brute force just as easily (more easily?) than the USER.ID file.

There are a few protocols that don't have this drawback. The one I've been looking at lately is Secure Remote Password (SRP), developed at Stanford by Tom Wu. It looks like a wonderful protocol (then again I am no cryptographer, so my opinion is not worth much) based on zero-knowledge, and does not require the client or server to maintain any secret information in storage. http://srp.stanford.edu/srp/
Regards, Rik
Aleph One / aleph1 () dfw net http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01
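The common thread in Aleph One's message above is that an attacker who holds the right artifact (an encrypted key file, or a captured challenge and response) has an oracle that says "yes" for the correct guess, so lockout policies on the server are irrelevant. The script below is an added illustration, not code from the thread or from Lotus: it builds a hypothetical password-protected key file (a toy format with a recognizable header, nothing like the real USER.ID layout), a toy HMAC-based challenge/response, and one generic offline dictionary attack that works against both. The wordlist, salt, challenge and "private key" bytes are constructed inline. One caveat on the closing point of the message: SRP stops an eavesdropper from running this attack on a captured exchange, but the server-side verifier it stores is still subject to an offline dictionary attack if that file is stolen; what it denies the thief is direct impersonation of the user.

```python
"""Offline guess verification: the attacker only needs a yes/no oracle.

Added example. The key file format, the challenge/response scheme and
all inputs are constructed for illustration and are not Notes', NT's or
Kerberos' real formats.
"""
import hashlib
import hmac
import os

# Constructed wordlist (stand-in for a real dictionary).
WORDLIST = ["password", "letmein", "domino", "s3cret!", "notes1998", "qwerty"]

# ---- 1. A password-protected key file (hypothetical format) -------------------
# The plaintext starts with a fixed header, which is exactly what lets a guesser
# "recognize when the file has been decrypted correctly".
MAGIC = b"KEYFILE1"
SALT_LEN = 16
PBKDF2_ROUNDS = 1000  # deliberately low so the demo runs quickly


def derive_key(password: str, salt: bytes) -> bytes:
    """Password -> 32-byte file-encryption key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ROUNDS, dklen=32)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || block counter). Symmetric."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def make_keyfile(password: str, private_key: bytes, salt: bytes) -> bytes:
    """salt || Enc_K(MAGIC || private_key), K derived from the password."""
    assert len(salt) == SALT_LEN
    return salt + keystream_xor(derive_key(password, salt), MAGIC + private_key)


def open_keyfile(password: str, keyfile: bytes):
    """Return the private key, or None if the header check fails (wrong password)."""
    salt, body = keyfile[:SALT_LEN], keyfile[SALT_LEN:]
    plain = keystream_xor(derive_key(password, salt), body)
    return plain[len(MAGIC):] if plain.startswith(MAGIC) else None


# ---- 2. A captured challenge/response (toy scheme) ----------------------------
# The stored secret is a hash of the password, so the response depends only on
# the password and the challenge; a sniffer who sees both can test guesses.
def cr_response(password: str, challenge: bytes) -> bytes:
    secret = hashlib.sha256(password.encode()).digest()  # password-equivalent secret
    return hmac.new(secret, challenge, hashlib.sha256).digest()


# ---- 3. The generic offline attack ------------------------------------------
def crack(oracle, wordlist):
    """Return the first word the oracle accepts, or None. No server involved."""
    for guess in wordlist:
        if oracle(guess):
            return guess
    return None


def crack_keyfile(keyfile: bytes, wordlist=WORDLIST):
    return crack(lambda g: open_keyfile(g, keyfile) is not None, wordlist)


def crack_challenge_response(challenge: bytes, response: bytes, wordlist=WORDLIST):
    return crack(lambda g: hmac.compare_digest(cr_response(g, challenge), response),
                 wordlist)


if __name__ == "__main__":
    # Stolen key file: the attacker never talks to the server.
    kf = make_keyfile("domino", os.urandom(32), os.urandom(SALT_LEN))
    print("key file password:", crack_keyfile(kf))
    # Sniffed exchange: challenge from the server, response from the client.
    chal = os.urandom(16)
    print("c/r password:", crack_challenge_response(chal, cr_response("notes1998", chal)))
```

Raising the PBKDF2 round count slows each guess but does not change the shape of the attack; only a protocol that gives the eavesdropper no verifiable transcript (the SRP class Aleph One points to) removes the oracle.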
Current thread:
- Re: Lotus Domino as an access control to internal network Andreas Siegert (Mar 02)
- <Possible follow-ups>
- Re: Lotus Domino as an access control to internal network Rik Farrow (Mar 06)
- Re: Lotus Domino as an access control to internal network Aleph One (Mar 06)
- Re: Lotus Domino as an access control to internal network Rik Farrow (Mar 06)
- Re: Lotus Domino as an access control to internal network Aleph One (Mar 06)