Re: slower logins

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Ted Unangst

Date: Thursday, December 16, 2010 - 6:46 am

On Thu, Dec 16, 2010 at 4:35 AM, Joachim Schipper
<joachim@joachimschipper.nl> wrote:
quoted text> On Wed, Dec 15, 2010 at 09:42:52PM -0700, Bob Beck wrote:
>> I don't mind [increasing the number of Blowfish rounds] if the
>> eventual goal is to think about diddling with it per arch..
>>
>> I certainly do NOT want a 2^11 blowfish password when logging into my
>> sparc
>
> Why not? An attacker can, after all, brute-force your password on a
> machine of his choice. Silently decreasing the number of rounds on older
> architectures surprises the user in a way that can lead to password
> compromise ("My password was brute-forced because I used it on a sparc?!
> I would have been fine on amd64? Huh? What happened to 'secure by
> default'?!")

At some point, you won't be able to compute the hash before the login
timeout of 5 minutes expires.  Hopefully, the people using old
machines are using them for fun, not in a setting where master.passwd
is likely to be stolen.

That's really what it's about.  Is your machine likely to have the
passwd file stolen and are the accounts and passwords in that file
worth cracking?

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

slower logins, Ted Unangst, (Wed Dec 15, 8:31 pm)

Re: slower logins, Ted Unangst, (Wed Dec 15, 9:33 pm)

Re: slower logins, Bob Beck, (Wed Dec 15, 9:42 pm)

Re: slower logins, Joachim Schipper, (Thu Dec 16, 2:35 am)

Re: slower logins, Mike Belopuhov, (Thu Dec 16, 5:38 am)

Re: slower logins, Ted Unangst, (Thu Dec 16, 6:46 am)

Re: slower logins, Bob Beck, (Thu Dec 16, 8:14 am)

Re: slower logins, Bob Beck, (Thu Dec 16, 8:15 am)

Re: slower logins, Joachim Schipper, (Thu Dec 16, 9:29 am)

Re: slower logins, Ted Unangst, (Thu Dec 16, 9:39 am)


linux-kernel:
Gene Heskett	Re: New thread RDSL, post-2.6.20 kernels and amanda (tar) miss-fires
Ray Lee	Re: New thread RDSL, post-2.6.20 kernels and amanda (tar) miss-fires
Michael Moore	Re: underage models, pre teen models, lolita porn, young preteens, little lolitas
Gene Heskett	Re: New thread RDSL, post-2.6.20 kernels and amanda (tar) miss-fires
Justin Mattock	Re: macbook pro dvd playback after suspend Buffer I/O error
git:
Bill Lear	cpio command not found
Gary Yang	fatal: did you run git update-server-info on the server? mv post-update.sample pos...
Uwe	Re: "bash: git-upload-pack: command not found" ??
Ben Schmidt	Getting the path right for git over SSH
Fredrik Kuivinen	Re: fatal: unable to create '.git/index': File exists
linux-netdev:
Jamie Lokier	Re: [2/3] POHMELFS: Documentation.
Francois-Xavier Le Bail	[PATCH v2] net: typos in comments in include/linux/igmp.h
Stephen Hemminger	Re: vlan JMicron Technologies, Inc. JMC250 PCI Express Gigabit Ethernet
Sage Weil	Re: [2/3] POHMELFS: Documentation.
Patrick McHardy	Re: [ANNOUNCE]: First release of nftables
openbsd-misc:
Netmaffia.hu	Tini Lányok AKCIÓBAN OTTHON
openbsd	observed spamd behavior
Ted Unangst	Re: OpenSMTPd actual development and integration
Paul M	Corrupted RAIDFrame device
BetClic	Benfica vs Porto - Qual o seu palpite?
git-commits-head:
Linux Kernel Mailing List	Remove empty comment in acpi/power.c
Linux Kernel Mailing List	Linux 2.6.34-rc4
Linux Kernel Mailing List	[SCSI] scsi_dh_rdac: Retry for Quiescence in Progress in rdac device handler
Linux Kernel Mailing List	ALSA: cosmetic: make hda intel interrupt name consistent with others
Linux Kernel Mailing List	USB: gadget: audio: provide correct device id