Date: Tue, 10 Oct 2006 00:41:25 +0200
From: Gianluca Varisco <giangy@...htemple.org>
To: bugtraq@...urityfocus.com
Cc: Marco Ivaldi <raptor@...eadbeef.info>
Subject: Re: yet another OpenSSH timing leak?

Marco Ivaldi wrote:
> It needs expect, and target ssh hostkey must be already added. I'd be 
> very interested in knowing the results of tests performed on other 
> distros and configurations.
> 

Hi Marco,

Nice to meet you :-). I tried to do this test over my 10 Mbps LAN and 
this is the result:

giangy@...r:~/dev$ ./sshtime calipso users.txt

a@...ipso                  real 9.55
root@...ipso               real 9.33 <- valid user with shell
wheel@...ipso              real 10.44
giangy@...ipso             real 9.49
cdrom@...ipso              real 9.68
burning@...ipso            real 9.47
mysql@...ipso              real 9.35
operator@...ipso           real 9.59 <- valid user with shell
test@...ipso               real 9.51 <- valid user with shell

Another test:

a@...ipso          	   real 9.37
root@...ipso               real 9.90 <- valid user with shell
wheel@...ipso              real 10.66
giangy@...ipso             real 9.41
cdrom@...ipso              real 9.30
burning@...ipso            real 10.30
mysql@...ipso              real 9.47
operator@...ipso           real 10.21 <- valid user with shell
test@...ipso               real 10.98 <- valid user with shell
daemon@...ipso             real 7.14
abcd@...ipso               real 7.20


"root", "operator" and "test" are valid users with a valid shell 
enabled. I made this test on Slackware 11.0 (fresh installation) with 
OpenSSH_4.4p1. I used the default sshd_config (see 
http://slackware.osuosl.org/slackware-current/source/n/openssh/ for more 
information about the package). So, I didn't receive any timing leak in 
this session.

I'll try other distributions and configurations as far as possible. 
However, good work Marco :-).

Best Regards,

Gianluca Varisco
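
Added example, not part of the original message: an exact permutation test over the two timing runs posted above, checking whether the three names marked "valid user with shell" can be separated from the rest by response time. Using only the user part of each name and grouping all unmarked names together are assumptions of this example.

```python
from itertools import combinations
from statistics import mean

# Timings in seconds, copied from the two runs in the message above.
RUN1 = {"a": 9.55, "root": 9.33, "wheel": 10.44, "giangy": 9.49, "cdrom": 9.68,
        "burning": 9.47, "mysql": 9.35, "operator": 9.59, "test": 9.51}
RUN2 = {"a": 9.37, "root": 9.90, "wheel": 10.66, "giangy": 9.41, "cdrom": 9.30,
        "burning": 10.30, "mysql": 9.47, "operator": 10.21, "test": 10.98,
        "daemon": 7.14, "abcd": 7.20}

# Names the message marks as "valid user with shell". Treating every other
# name as one comparison group is an assumption of this example.
MARKED = {"root", "operator", "test"}


def mean_gap(times, marked):
    """Mean time of the marked names minus mean time of all other names."""
    inside = [t for name, t in times.items() if name in marked]
    outside = [t for name, t in times.items() if name not in marked]
    return mean(inside) - mean(outside)


def permutation_p(times, marked):
    """Exact two-sided permutation p-value for the observed mean gap.

    Every way of picking len(marked) names is tried; the p-value is the
    share of relabelings whose gap is at least as large as the observed one.
    """
    observed = abs(mean_gap(times, marked))
    k = sum(1 for name in times if name in marked)
    hits = total = 0
    for group in combinations(times, k):
        total += 1
        # Small tolerance so the observed labeling always counts as a hit.
        if abs(mean_gap(times, set(group))) >= observed - 1e-9:
            hits += 1
    return hits / total


def report(label, times):
    gap = mean_gap(times, MARKED)
    return f"{label}: gap {gap:+.2f}s, p = {permutation_p(times, MARKED):.3f}"


if __name__ == "__main__":
    print(report("run 1", RUN1))
    print(report("run 2", RUN2))
```

On these figures the gap changes sign between the two runs and neither p-value falls below 0.05, so the marked names are not distinguishable by timing in this sample.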
