[nycbug-talk] Distributed ssh dictionary attacks

Miles Nordin carton at Ivy.NET
Wed Nov 26 14:09:50 EST 2008 

>>>>> "ak" == Andy Kosela <akosela at andykosela.com> writes:

    ak> I don't think it's very reasonable to open sshd(8) to the
    ak> whole world

what do you use to get into your machines then, GoToMyPeeCee.com?
jesus, of course it's reasonable.

I think we're muddling this with squishy secure-feeling bikeshed
discussion.  The point of PF and other blacklisting was to stop the
attackers from CPU-DoSing you with PFS key negotiations, not fear that
one of the stolen passwords in their database will actually work.

If you have the latter fear, I'd suggest:

 (1) don't let users choose their own passwords.  Make passwords with
     pwgen, and give users the option to ``generate new password'',
     but not to set it, and force generation of new ones a couple
     times a year.

     This does two things.  First the passwords are good and hard to
     replicate with dictionaries.  Second and maybe more importantly,
     it's less convenient for users to use your password on other
     sites, so it's vastly less likely your passwords will end up in
     the attacker's database.  Users are so lazy, any crapass
     VBulletin site is functionally a phishing site because they feed
     the damn thing with the one password they use everywhere.

 -or-

 (2) use pubkey login only, no passwords.


 -and-

 (3) don't make the (1) stupid-user problem worse.  If you ever store
     a PAP-like password in a database, hash it.  And OpenID-ify all
     your web2.0 craplets so users can have their convenience without
     being unhygenic.

The reason this new attack has come up is probably that the PF
blacklists _were_ effective at protecting bad passwords underneath.
If you'd kept the two attacks separate in your head before, then this
new variant of it wouldn't cause you any new worry.

well...provided you acted on what was in your head.  I don't do (1) or
(2) or (3), so the new attack does cause me some extra worry.

but...yeah...it's starting to look like ``ability to receive plaintext
email at an address confirmed earlier, and the good fortune to have it
arrive unsnooped'' may actually be MORE secure than ``knowledge of a
password negotiated earlier over an encrypted link.''
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 304 bytes
Desc: not available
URL: <https://lists.nycbug.org:8443/pipermail/talk/attachments/20081126/81641b0c/attachment.bin>

More information about the talk mailing list