Dropbear 2019.77
Matt Johnston
matt at ucc.asn.au
Tue Jun 29 21:52:17 AWST 2021
On Tue 29/6/2021, at 9:47 pm, roytam at gmail.com wrote:
>
>> That itself wouldn't be a problem if we could just crypt all incoming password attempts before checking a username's existence - the problem is that the password crypt algorithm can vary per user, so the time will vary too. We have to guess which algorithm to use for unknown users. So rather than adding some complicated logic I just limited the password length.
>
> OK I got it. But does the risk become higher if I change
> DROPBEAR_MAX_PASSWORD_LEN to higher value. for example, 200?
If a successful login for a 200 char password takes longer than ~250ms (svr-auth.c send_msg_userauth_failure()) then it's probably possible to figure if usernames exist on a system. That may or may not be a security problem depending on the situation. The length will depend on the speed and crypt algorithms of the system.
Cheers,
Matt
More information about the Dropbear
mailing list