From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: from tb-ob0.topicbox.com (tb-ob0.topicbox.com [64.147.108.117]) by inbox.vuxu.org (Postfix) with ESMTP id BA38C25367 for ; Mon, 13 May 2024 12:18:21 +0200 (CEST) Received: from tb-mx0.topicbox.com (tb-mx0.nyi.icgroup.com [10.90.30.73]) by tb-ob0.topicbox.com (Postfix) with ESMTP id 8EE9B220C0 for ; Mon, 13 May 2024 06:18:20 -0400 (EDT) (envelope-from bounce.mM2867926d1deafb39060269df.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com) Received: by tb-mx0.topicbox.com (Postfix, from userid 1132) id 8B81D9DFEF2; Mon, 13 May 2024 06:18:20 -0400 (EDT) ARC-Authentication-Results: i=2; topicbox.com; arc=pass; dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:to:subject:from:date:in-reply-to :mime-version:content-type:content-transfer-encoding:list-help :list-id:list-post:list-subscribe:reply-to:list-unsubscribe; s= sysmsg-1; t=1715595500; bh=nbHNR+H0QzAebwqghNutgEuC1xV+OBkolDooQ nAsHS4=; b=gQV1ACi3B0szEY54CHnTCDP/DOV8CbzKHEPm0d++0c1+l1gDFSgYq q0tfOqthpMNbWm8s0cTc5kFIo5LvBJoWH1/iPuDZEWnIu+1BAHl99ypHc5mR61nh s0XKU3PCbYjwLX02YsbWbTrB8okUEOgeoTWaWYh9Vg4jKzIuDqzi4A= ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1715595500; b=At1LPOfTE/Xx4jVkqQaM6hsbIRsFgumoW+ZG4ZbK7zwm7vlDuu cx2C5HxU1fw+ZuF7eVjqdhHIlKk7AMJBWcdGE49Oqd9R53RBXan4DS/Y3M2Gy/pq JaNiGKsZZDYaw7IhpMThQ5qruWu8Enn7psEE8ruOgiSITYeJGZ6yg/h/E= Authentication-Results: topicbox.com; arc=pass; dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-internal-arc=fail (as.1.topicbox.com=pass, ams.1.topicbox.com=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC did not pass); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; iprev=pass smtp.remote-ip=46.235.227.24 (mx2.mythic-beasts.com); spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-aligned-from=domain_pass (Domain match); x-me-sender=none; x-ptr=pass smtp.helo=mx2.mythic-beasts.com policy.ptr=mx2.mythic-beasts.com; x-return-mx=pass header.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-return-mx=pass smtp.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=message-id :to:subject:from:date:in-reply-to:mime-version:content-type :content-transfer-encoding:list-help:list-id:list-post :list-subscribe:reply-to:list-unsubscribe; s=dkim-1; t= 1715595500; x=1715681900; bh=5zT4ge/8UhC5qDuJy/8CCWvcBRTNUl8Xv6o ylpCTGrE=; b=Tt5cxu8mUpHfn+GyIyVhCGPaeZ1HlVCHmw8y4zBk7ur2CZpJ42O 9X6H01V+9rSSic3gL1ag5TBQKHCQURJJWQJj28uPJpSvYTYTkYGAeLXMehiiIeKZ sJ5Hu1GpYN5rgjrs09H/sRGZBQ4Vcxszt7rOL+Pq7khWOPogIoVa/vH0= Received: from tb-mx1.topicbox.com (localhost.local [127.0.0.1]) by tb-mx1.topicbox.com (Postfix) with ESMTP id 67B10141B16F for <9fans@9fans.net>; Mon, 13 May 2024 06:18:10 -0400 (EDT) (envelope-from miller@hamnavoe.com) Received: from tb-mx1.topicbox.com (localhost [127.0.0.1]) by tb-mx1.topicbox.com (Authentication Milter) with ESMTP id 8FD3A5B2EF6; Mon, 13 May 2024 06:18:10 -0400 ARC-Seal: i=1; a=rsa-sha256; cv=none; d=topicbox.com; s=arcseal; t= 1715595490; b=dJOPa+1LciXee1dZFA/IQFZMuV6HN61cUKrDxg8nB98cpNPtVh ZIo6MYoCkxlppWUtV2h6WecDHA/AJM74wkwQ2I/UW8/CS/p/OdW35KDsH4NomnMi YAMi0Ix7/BaQUWxncnMi9ToMXO7I0pPkonWNRpRVYTtcDYzy2XdjbycUJoBVnAn0 iaaZ18xpOKgcKoyVDHeMk/aDzBAD88AOEIDb4JxFibhuI30hPSwls5lwZu+aSvel TeOfSRjVtLP/y4m/Y8PsLeXK0iTcs3Ad/RQxDT2hmWO151PfsSO+m+AIl+yRUk4Y jev+KTB86FBtKugAkJCZqhOeqGNIyCClxNPg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=message-id:to:subject:from:date:in-reply-to :mime-version:content-type:content-transfer-encoding; s=arcseal; t=1715595490; bh=Ge/kb+lAjy7Bi5jKkXNpDBjVC5IqIEOhOdwO2Rmc6OY=; b= ReFYlaX7T2w1QBPqEuOGbuH3fju6qpGNtgp/4jBOWlwCw7KhJ86pclHf9loroMxp 8t/YNQVoH7q1RJ29egMRuoAmSecgdwt1m9TqwDqLsXvCkLO2lqwfMq6T3mRmlQrM bfA4XFi0H1jvmQIDTjKBgLNqdefoZQrOC5iuOZUPKFsbYwdvsmzhFTyiP1bBcdrb 0G9g3/u6SrOQ1/r/Qjj29AgtBIT/LFBCwhqIPE3KA3/6i4BQxoCC6aJ/T8AKzjPC x6BRW67WAYzSIUhVSG5s2DCqn06eW1ISOhns5g0aXRPPjNpu7GpT8Xc/ODTfRMnh ePZAQ8K3f9BeNK4Ma2WmRw== ARC-Authentication-Results: i=1; tb-mx1.topicbox.com; arc=none (no signatures found); bimi=skipped (DMARC did not pass); dkim=none (no signatures found); dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=hamnavoe.com; iprev=pass smtp.remote-ip=46.235.227.24 (mx2.mythic-beasts.com); spf=pass smtp.mailfrom=miller@hamnavoe.com smtp.helo=mx2.mythic-beasts.com; x-aligned-from=domain_pass (Domain match); x-me-sender=none; x-ptr=pass smtp.helo=mx2.mythic-beasts.com policy.ptr=mx2.mythic-beasts.com; x-return-mx=pass header.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-return-mx=pass smtp.domain=hamnavoe.com policy.is_org=yes (MX Records found: mx2.mythic-beasts.com,mx1.mythic-beasts.com); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvledrvdeggedgvdeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucenucfjughrpefkvffuhf ffjgggtgfgsehtjehjtddttddvnecuhfhrohhmpeftihgthhgrrhguucfoihhllhgvrhcu oeelfhgrnhhssehhrghmnhgrvhhovgdrtghomheqnecuggftrfgrthhtvghrnhepvedtfe dtjeefhfellefhtddthffhgffhfedufeetgffhheefhffftedvheegjeeunecukfhppeeg iedrvdefhedrvddvjedrvdegnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpe hinhgvthepgeeirddvfeehrddvvdejrddvgedphhgvlhhopehmgidvrdhmhihthhhitgdq sggvrghsthhsrdgtohhmpdhmrghilhhfrhhomhepoehmihhllhgvrheshhgrmhhnrghvoh gvrdgtohhmqedpnhgspghrtghpthhtohepuddprhgtphhtthhopeeolehfrghnsheslehf rghnshdrnhgvtheq X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (hamnavoe.com: Sender is authorized to use 'miller@hamnavoe.com' in 'mfrom' identity (mechanism 'include:_spf.mythic-beasts.com' matched)) receiver=tb-mx1.topicbox.com; identity=mailfrom; envelope-from="miller@hamnavoe.com"; helo=mx2.mythic-beasts.com; client-ip=46.235.227.24 Received: from mx2.mythic-beasts.com (mx2.mythic-beasts.com [46.235.227.24]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx1.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Mon, 13 May 2024 06:18:09 -0400 (EDT) (envelope-from miller@hamnavoe.com) Received: by mailhub-hex-d.mythic-beasts.com with esmtpsa (TLS1.2) tls TLS_RSA_WITH_AES_256_CBC_SHA (Exim 4.94.2) (envelope-from ) id 1s6Sky-0073Qg-GF for 9fans@9fans.net; Mon, 13 May 2024 11:18:08 +0100 Message-ID: <632cb09b3e7078b8bee2a0ad20cee6fb@hamnavoe.com> To: 9fans@9fans.net Subject: Re: [9fans] one weird trick to break p9sk1 ? From: Richard Miller <9fans@hamnavoe.com> Date: Mon, 13 May 2024 11:18:07 +0100 In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BlackCat-Spam-Score: 12 Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 1bea53ce-1112-11ef-8145-d465a40e492b Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UNTYzOTdlZmY2MjY5YWYyNy1NMjg2NzkyNmQxZGVhZmIzOTA2MDI2?= =?UTF-8?B?OWRmPg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:M2867926d1deafb39060269df:1:bLT1gP07vxgK0VUoBUm42xAeg4mSIBCv7YixthUoBEY Jacob and Ori, thank you for filling in some more details. Without the specifics I had been making some wrong assumptions about where the exact threat was. I think I now have a clearer picture: It's not particularly p9sk1 which is vulnerable, but the protocol for ticket request / response, which leaks enough information to allow offline exploration of user keys. The contribution of p9sk1 is that its handshake protocol helpfully reveals a valid user name - ie the authid - which can be used by an attacker to make a legitimate ticket request, without any need for eavesdropping or guessing at user names. So, if you have an authentication service exposed to the ipv4 internet (or to the ipv6 internet with a findable address), and your authid or a known or guessable userid has a weak enough password to succumb to a dictionary search, it's probably right to say that a random attacker could make a cpu connection or mount your file service with an afternoon's work on consumer hardware. Nobody needs to have weak passwords, though. Using the !hex attribute instead of !password with factotum, and/or using secstore(1), makes it easy to have a randomly generated DES key with the full 56 bits of entropy. This makes the attacker do more work ... but not all that much more. I hadn't kept up with how powerful commodity GPUs have become. (My most recent experience with High Performance Computing involved transputer arrays and Cray T3Ds. Nowadays I specialise in low performance computing.) It appears that investment of a few thousand dollars and a few days compute time (maybe less if using cloud services) is enough for a full brute-force exploration of the single-DES keyspace. ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/T56397eff6269af27-M28679= 26d1deafb39060269df Delivery options: https://9fans.topicbox.com/groups/9fans/subscription