From: hiro <23hiro@gmail.com>
Date: Mon, 13 May 2024 12:48:00 +0200
Subject: Re: [9fans] one weird trick to break p9sk1 ?
To: 9fans <9fans@9fans.net>

> So, if you have an authentication service exposed to the ipv4
> internet (or to the ipv6 internet with a findable address), and
> your authid or a known or guessable userid has a weak enough
> password to succumb to a dictionary search, it's probably right
> to say that a random attacker could make a cpu connection or
> mount your file service with an afternoon's work on consumer
> hardware.

not only will they be able to make the connection, but they will be
authenticated as a user that is probably more permissive than the
'none' user.

for all the newbies reading this thread, this is the second reminder
to read the auth paper. it is truly excellent ;)