[Pkg-shadow-devel] passwd behavior
Tomasz Kłoczko
kloczek at rudy.mif.pg.gda.pl
Mon Apr 3 16:34:19 UTC 2006
On Mon, 3 Apr 2006, Alexander Gattin wrote:
> Hi!
>
> On Mon, Apr 03, 2006 at 11:39:33AM +0200, Tomasz Kłoczko wrote:
>> incorrect. I was looking at some other passwd implementations and it seems
>> only shadow passwd blocks SIGINT (Ctrl-C). I don't see any real
>> reason for doing this (security or other).
>
> AFAIR this is done to make the life of a password bruteforcer
> harder. I.e. when he enters a wrong _initial_ password,
> PAM or no-pam-shadow will delay (for e.g. 3s IIRC). By
> using ^C he/she will be able to bypass this delay.
>
> But when the user enters a _new_ password and _retypes_ it,
> he/she shouldn't have SIGINT blocked.
IMO the "easier/harder" criterion isn't correct.
The correct one is "it is possible/not possible".
Next, what I see: in the "initial password" case .. there is no initial
password case :_)
Why? OK. Let's look at the usual cycle of adding a new user .. the user is added
without a password (in the shadow map sits "x" as the password digest). Usually only
root can change the password. In the case of changing the password at this stage, if root
omits messages like "password is too short" or "based on dictionary word",
_now_ a bruteforce attack is possible .. and look, this is not an "initial"
password but only a "weak" password. Isn't it?
If the password is not weak -> does using SIGINT for passwd change
something? Looks like .. not :)
In this variant it is only necessary to detect a passwd
bruteforce attack (this can probably be done at, for example, the logwatch or
other syslog log or audit log analyser level).
Next question in this analysis: does blocking SIGINT in passwd make a
bruteforce attack on the passwd command impossible?
The answer is: still _not_. So ..
-> Q: how to correctly block a passwd command bruteforce attack?
-> A1: by detecting too many password change attempts without entering
the correct old password first within some period.
-> A2: by blocking root/privileged users from being allowed to set a weak password (how
many times does root set themselves a weak password .. only because
it is possible? :)
IMO the best way to solve the passwd command bruteforce attack is to walk down
the second answer's path .. maybe not by strictly disallowing setting a weak
password, but by making this a configuration option.
Let's continue .. but only if something above is wrong :)
My current conclusion is: I'm still sure about unblocking SIGINT in
passwd.
kloczek
--
-----------------------------------------------------------
*People don't have problems, they only create them for themselves*
-----------------------------------------------------------
Tomasz Kłoczko, sys adm @zie.pg.gda.pl|*e-mail: kloczek at rudy.mif.pg.gda.pl*
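
Answer A1 in the message above proposes detecting repeated password-change attempts that fail the old-password check within some period, at the log-analysis level. The sketch below is an added example, not part of the original message or of the shadow code; the pam_unix-style log line shape, the threshold of 3 failures and the 5-minute window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log shape: syslog lines with ISO 8601 timestamps, pam_unix-style text.
PREFIX = r"^(?P<ts>\S+) \S+ passwd\[\d+\]: pam_unix\(passwd:chauthtok\): "
FAIL = re.compile(PREFIX + r"authentication failure;.*\buser=(?P<user>\S+)")
OK = re.compile(PREFIX + r"password changed for (?P<user>\S+)")

def detect_passwd_bruteforce(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return (user, timestamp, count) alerts for accounts that see at least
    max_failures wrong old-password entries inside `window`, with no
    successful password change in between."""
    recent = defaultdict(deque)          # target user -> recent failure times
    alerts = []
    for line in lines:
        ok = OK.match(line)
        if ok:                           # legitimate change: reset the counter
            recent[ok["user"]].clear()
            continue
        m = FAIL.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["user"]]
        q.append(ts)
        while ts - q[0] > window:        # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            alerts.append((m["user"], ts, len(q)))
    return alerts

# Constructed sample lines (not taken from a real system).
H = " host passwd[2211]: pam_unix(passwd:chauthtok): "
F = "authentication failure; logname={0} uid=1000 euid=0 tty= ruser= rhost=  user={0}"
SAMPLE_LOG = [
    "2006-04-03T16:00:00+00:00" + H + F.format("carol"),   # slow, spread out
    "2006-04-03T16:10:00+00:00" + H + F.format("carol"),
    "2006-04-03T16:20:00+00:00" + H + F.format("carol"),
    "2006-04-03T16:30:01+00:00" + H + F.format("alice"),   # rapid guessing
    "2006-04-03T16:30:04+00:00" + H + F.format("alice"),
    "2006-04-03T16:30:07+00:00" + H + F.format("alice"),
    "2006-04-03T16:31:00+00:00" + H + F.format("bob"),     # typos, then success
    "2006-04-03T16:31:05+00:00" + H + F.format("bob"),
    "2006-04-03T16:31:20+00:00" + H + "password changed for bob",
    "2006-04-03T16:31:40+00:00" + H + F.format("bob"),
]

if __name__ == "__main__":
    for user, ts, count in detect_passwd_bruteforce(SAMPLE_LOG):
        print(f"ALERT {user}: {count} failed old-password entries by {ts}")
```

Because the counter works on logged failures, it gives the same result whether or not the passwd process was interrupted with ^C between attempts, provided each failure is logged before the process exits.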