PHK's MD5 might not be slow enough anymore
Matthew Dillon
dillon at apollo.backplane.com
Thu Jan 28 23:21:43 UTC 2010
Just give up and turn off tunneled plaintext passwords over the
network. No (non-kerberos) telnetd, rlogind, (non anonymous) ftpd, etc.
Just run sshd and put this in your sshd_config:
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
Local passwords can still be used for things like a (restricted) sudo,
console root logins, and X/xdm. Disallowing remote passworded logins
removes the primary attack vector, which is over the network.
You'd probably want to adjust /etc/login.access too since for
some reason beyond my comprehension /usr/bin/login can be run from
ptys to cross-login locally (with a password).
So even if the attacker knows the password he is SOL without physical
access.
--
The problem with stolen master.passwd files is that you often don't
know the file has been stolen until the hacker actually starts using
the compromised accounts. In other words, the hacker has as much time
as he wants to break the file before having to worry about someone
reacting to it. This makes the concept of multiplying the analysis
cost almost completely worthless above and beyond everything else
mentioned.
Mostly these protections against stolen master.passwd files aren't
so much to protect the machine against being hacked (since it was
hacked already to get the file in the first place), but instead to
reduce the work involved when cleaning up after a hack incident.
It's best to limit the damage by making the stolen file simply not
be useful to a remote attacker.
-Matt
Matthew Dillon
<dillon at backplane.com>
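As an added example (not part of Matt's post), a POSIX shell check of whether an sshd_config still lets an account password be typed over the network. It assumes OpenSSH's first-occurrence-wins parsing and its defaults of PasswordAuthentication yes and ChallengeResponseAuthentication yes; the two sample configs are constructed.

```shell
#!/bin/sh
# Added example: check whether an sshd_config still accepts tunneled plaintext
# passwords. sshd rules assumed here: the FIRST occurrence of a keyword wins,
# keywords are case-insensitive, "#" starts a comment, and lines after a
# "Match" line only apply inside that block. Only "Keyword value" syntax is
# handled, not "Keyword=value".

# Print the effective global value of keyword $2 in config text $1,
# or default $3 if the keyword is never set before the first Match block.
effective_setting() {
    printf '%s\n' "$1" | awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" -v def="$3" '
        { sub(/#.*/, "") }                   # strip comments
        NF == 0 { next }                     # skip blank lines
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }'
}

# Print "yes" if an account password can still be typed over the network.
# Assumes the OpenSSH defaults of PasswordAuthentication yes and
# ChallengeResponseAuthentication yes (named KbdInteractiveAuthentication in
# newer releases); with UsePAM, keyboard-interactive also prompts for the
# account password, so both must be "no" for the post's advice to hold.
passwords_reachable() {
    pa=$(effective_setting "$1" PasswordAuthentication yes)
    cr=$(effective_setting "$1" ChallengeResponseAuthentication yes)
    if [ "$pa" = "no" ] && [ "$cr" = "no" ]; then echo no; else echo yes; fi
}

# Constructed sample 1: exactly the change quoted in the post, nothing else.
CFG_POST='# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
UsePAM yes'

# Constructed sample 2: both paths off; the later duplicate is ignored by sshd
# (first occurrence wins) and the Match block does not change the global verdict.
CFG_HARD='PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes'

echo "post-only config: passwords reachable = $(passwords_reachable "$CFG_POST")"
echo "hardened config:  passwords reachable = $(passwords_reachable "$CFG_HARD")"
```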