It's not possible to allow non-OPIE logins only from trusted networks

Lionel Flandrin simias.n at gmail.com
Sat Mar 12 12:12:08 UTC 2011


On Thu, Mar 10, 2011 at 11:09:07PM +0000, Miguel Lopes Santos Ramos wrote:
> 
> Qui, 2011-03-10 às 20:26 +0000, Lionel Flandrin escreveu:
> > On Thu, Mar 10, 2011 at 07:12:41PM +0000, Miguel Lopes Santos Ramos wrote:
> > > 
> > > Thanks. I'll probably be looking into that sooner or later.
> > > 
> > > However, OPIE, nobody cares about OPIE?
> > 
> > Hi,
> > 
> > I do care about OPIE,
> 
> Thanks!!
> 
> > but it has many shortcomings arguably more
> > critical than the one you're pointing out. What bothers me most is the
> > absence of a prefix password and the possibility that someone may
> > hijack my session if he's replaying my input and sends the \n before
> > I do. See the wikipedia page about OTPW[1] for a more detailed
> > explanation about that. OTPW is an alternative to OPIE that aims at
> > correcting these issues.
> 
> Well, I had never heard of OTPW, thanks for the pointer. But I'm not
> concerned about those problems you mentioned:
> 
> - As to the possibility of someone hijacking my session and sending \n
> before I do, I don't care for that because I only use SSH (the same
> comment would apply to your solution with https). That problem would be
> valid for cleartext sessions not encrypted with a session key. If
> someone can hijack my SSH session... hey, then all is lost in any case,
> the least I care about then is my password...

Even with SSH/HTTPS you're at risk if someone hijacks your session not
by man-in-the-middle'ing your network connection but by using a
keylogger directly on your guest OS or even on your USB port.

> - About prefix passwords, I just gave a quick read on that wikipedia
> page, but that seems to me important for the case where you take a list
> of passwords with you, and I wouldn't do that. And because OTPW is to be
> used like that, I don't think I would use it. I use OPIE when I have no
> other solution, I didn't take anything with me. At any moment, I
> download an OTP calculator and log in. If I'm supposed to carry
> anything, I'll prefer to carry an SSH key, a lot safer.

Well, I use my cell phone to calculate the OTP, but right now I have
the passphrase stored on my cell phone (because it's a pain to type a
complex passphrase on these devices for me) so I'd like to have
another, shorter and less secure prefix password that would just give me
some time to reset the main passphrase if my phone gets stolen.

By the way, I'm working on a dirty hack right now that would in effect
give me that: I plan to modify the OTP calculator I use so that it
would save only a portion of the passphrase, and I would have to enter
the last few characters (say, a 4 digit PIN-like code) by hand each
time. This way I can have a complex non-bruteforceable passphrase that
I can store on my trusted cellphone plus something that protects me
for a while if my cellphone gets stolen. It's still a dirty hack though.

> - The objection on S/KEY on that wiki page, that it's possible to
> compute all previous passwords, is a bit odd, since past passwords won't
> be used anymore.

Yeah, that's a bit contrived; I guess it's only dangerous if you print
a list of passwords and for some reason the last ones of them get
compromised.

> - That S/KEY uses small English words actually helps a lot.
>
> 
> > I'd try to install and configure OTPW on my server to replace OPIE,
> > but it's not in the ports and I don't know PAM well enough to try and
> > mess with it, I would probably end up opening more security holes than
> > I'm fixing.
> > 
> > Since these days many of us use cell phones where it's easy to write
> > and distribute challenge/response generators I don't understand why
> > there seems to be so little interest in developing and improving one
> > time passwords solutions (including for websites, I wonder how many
> > facebook/twitter/whatever accounts I could steal by putting keyloggers
> > in an internet cafe).
> 
> One time passwords made the most sense with insecure connections. Over a
> secure session, such as ssh or https, in principle, a strong password is
> just as strong. One time passwords add no security if in the end all
> amounts to a brute force attack.

Again, encryption will not stop a keylogger on an untrusted
computer. Everything is still clear text until it's written into the
SSL/SSH socket. And it's not exactly difficult or super expensive to
install: http://www.amazon.com/dp/B004IA69YE
> However, to me, in practice, they do add security, because:
> - One time passwords lead to a larger search space, except when compared
> to random passwords. Random passwords however end up having to be
> written in something that must be carried.
> - Obviously, it's an additional layer of security that the attacker
> would have to be aware of (even though this counts as zero).
> - One time passwords don't get compromised as easily, because you would
> have to be really foolish to use your passphrase anywhere else or write
> it down.
> 
> 
> So, it really is questionable if they are any better in the world of
> encrypted connections.
> 
> 
> > I would gladly look into it myself but the subject is so security
> > critical that I'm a little put off. If one of you knows of a project
> > working on improving or replacing OPIE, I would gladly look into it
> > and try to contribute if I can. Maybe this project _is_ OTPW? Why
> > isn't it in the ports yet when the Wikipedia article claims it
> > supports FreeBSD? Has anyone here tried it?
> > 
> > As for OpenVPN, it is a really good piece of software and you should
> > have a look at it, but I can imagine scenarios where a one time
> > password would be better suited than a complete VPN setup (For
> > instance I use OPIE and shellinabox[2] over HTTPS to connect to my
> > server from anywhere I can find a web browser, no need to install any
> > additional software).
> > 
> > [1] https://secure.wikimedia.org/wikipedia/en/wiki/OTPW
> > [2] https://code.google.com/p/shellinabox/
> > 
> > Cheers,
> 
> 
> Thanks for the pointers. That shellinabox is really cool.
> However, to me it's a lot easier to set up OpenSSH than it is to set up an
> https web server. I don't mind having to install PuTTY or FileZilla once
> a week, I already can navigate Simon Tatham's home page blindfolded.
> 
> Regards,
> 
> -- 
> Miguel Ramos <mbox at miguel.ramos.name>
> PGP A006A14C

-- 
Lionel Flandrin
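The split-passphrase calculator described in the message above, as an added example (not code from the thread or from OPIE itself): an RFC 2289 MD5 hash-chain generator where the device keeps a stored prefix and the user types a short suffix by hand, together with the server-side check that makes the scheme one-time. Function names and the demo values are assumptions.

```python
import hashlib

# Added example, not code from the thread: an RFC 2289 (OPIE/S/KEY) MD5
# calculator showing the "split passphrase" idea from the post, where the
# phone stores only a prefix and the user types a short PIN-like suffix.

def fold_md5(digest: bytes) -> bytes:
    """Fold a 16-byte MD5 digest to 64 bits by XORing its two halves."""
    return bytes(a ^ b for a, b in zip(digest[:8], digest[8:]))

def otp_md5(passphrase: str, seed: str, count: int) -> bytes:
    """One-time password number `count` for this passphrase and seed.

    The seed is case-insensitive and is lowercased before it is prepended
    to the passphrase; the folded hash is then re-hashed `count` times.
    """
    otp = fold_md5(hashlib.md5((seed.lower() + passphrase).encode()).digest())
    for _ in range(count):
        otp = fold_md5(hashlib.md5(otp).digest())
    return otp

def to_hex(otp: bytes) -> str:
    """Grouped hex form OPIE accepts as a response, e.g. "9E87 6134 D904 99DD"."""
    hex_str = otp.hex().upper()
    return " ".join(hex_str[i:i + 4] for i in range(0, 16, 4))

def split_secret_otp(stored_prefix: str, typed_pin: str, seed: str, count: int) -> bytes:
    """The post's hack: the device keeps `stored_prefix`, the user types `typed_pin`.

    The real passphrase is their concatenation, so the server side is unchanged;
    a stolen device alone yields only the prefix. (Names are hypothetical.)
    """
    return otp_md5(stored_prefix + typed_pin, seed, count)

def server_verify(stored_otp: bytes, response: bytes) -> bool:
    """Server check for sequence n-1: hashing the response must give stored OTP n."""
    return fold_md5(hashlib.md5(response).digest()) == stored_otp

if __name__ == "__main__":
    # Demo input: RFC 2289 Appendix C's own test passphrase/seed pair.
    seed, phrase = "TeSt", "This is a test."
    print("otp 0  :", to_hex(otp_md5(phrase, seed, 0)))   # 9E87 6134 D904 99DD
    print("otp 98 :", to_hex(split_secret_otp("This is a ", "test.", seed, 98)))
    print("verify :", server_verify(otp_md5(phrase, seed, 99), otp_md5(phrase, seed, 98)))
```

On a successful login the server stores the accepted response as the new current OTP and decrements the sequence number, so each response works exactly once.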