Defend against user enumeration timing attacks - overkill


Dmitry Belyavskiy

Apr 12, 2023, 5:58:49 AM
to OpenSSH Devel List
Dear colleagues,

I have a question about this commit:

https://github.com/openssh/openssh-portable/commit/e9d910b0289c820852f7afa67f584cef1c05fe95#diff-a25e40214ca9c9f78abce22f23bf2abdb2a24384c6610d60bbb314aed534eb48R216

The function ensure_minimum_time_since effectively doubles the time
spent in the input_userauth_request (mostly presumably in PAM). So if
PAM processing is really slow, it will cause huge delays - but if it
is so slow, it's more difficult to perform the enumeration attack.

So doesn't it make sense to provide an upper limit here and, if the
time actually spent is more than this upper limit, avoid the extra
sleep? Will it still be necessary to protect from the attack? Vice
versa, when the auth failure happens fast enough, the doubling will
not significantly slow down the enumerations...

Any comments will be highly appreciated!

--
Dmitry Belyavskiy

_______________________________________________
openssh-unix-dev mailing list
openssh-...@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

Dmitry Belyavskiy

Jun 28, 2023, 7:54:41 AM
to OpenSSH Devel List
Dear colleagues,

May I ask you to explain whether I am wrong in my conclusions?

Peter Stuge

Jun 28, 2023, 8:04:00 AM
to openssh-...@mindrot.org
Dmitry Belyavskiy wrote:
> May I ask you to explain whether I am wrong in my conclusions?

I guess it's not clear what problem you are trying to solve.


//Peter

Dmitry Belyavskiy

Jun 28, 2023, 8:13:48 AM
to Peter Stuge, openssh-...@mindrot.org
Dear Peter,

I'm trying to balance the original problem statement (protection from
user enumeration) and avoid doubling time here if the process has
already taken a long time, to provide faster auth method iteration.
I believe that a better solution is to set some arbitrary (probably
configurable) timeout and, in the case where we spend more time than
that value, avoid doubling it.


--
Dmitry Belyavskiy

Dmitry Belyavskiy

Aug 25, 2023, 8:05:07 AM
to Peter Stuge, openssh-...@mindrot.org
Dear Peter,

https://bugzilla.mindrot.org/show_bug.cgi?id=3602 is the patch I
propose to fix this issue.
It removes the delay for the "none" auth method (which is a dummy and
doesn't provide any information) and provides an (arbitrary) limit on
the delay.
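
Added example, not part of the thread and not OpenSSH's own code: a simplified C model of the padding discussed above, where a minimum total time is doubled until it covers the time already spent, next to the variant proposed in the thread (no padding for "none", none once the time spent exceeds a limit). The function names, the 5 ms base delay and the 1 s limit are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values; the thread states neither of them. */
#define BASE_DELAY_US 5000LL      /* assumed minimum failure time */
#define LIMIT_US      1000000LL   /* assumed upper limit from the proposal */

/* Extra sleep so that total time lands on base * 2^k >= elapsed. */
long long pad_doubling(long long elapsed_us, long long base_us)
{
    long long target = base_us;

    if (base_us <= 0 || elapsed_us < 0)
        return 0;
    while (target < elapsed_us) {
        if (target > LLONG_MAX / 2)   /* refuse to overflow the target */
            return 0;
        target *= 2;
    }
    return target - elapsed_us;
}

/* Proposed variant: skip "none", skip once elapsed exceeds the limit. */
long long pad_capped(const char *method, long long elapsed_us,
                     long long base_us, long long limit_us)
{
    if (strcmp(method, "none") == 0)
        return 0;
    if (elapsed_us > limit_us)
        return 0;
    return pad_doubling(elapsed_us, base_us);
}

int main(void)
{
    /* Constructed elapsed times: fast failure, slow PAM, very slow PAM. */
    const long long samples[] = { 1000, 600000, 3000000 };
    size_t i;

    printf("%10s %12s %12s\n", "elapsed_us", "doubling_us", "capped_us");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%10lld %12lld %12lld\n", samples[i],
            pad_doubling(samples[i], BASE_DELAY_US),
            pad_capped("password", samples[i], BASE_DELAY_US, LIMIT_US));
    return 0;
}
```

In this model the capped variant returns at different times on either side of the limit, so whether slow and fast failures stay indistinguishable above the limit is the question a reviewer of such a cap has to settle.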
