lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Sep 2006 11:35:08 -0400 From: "Brian Eaton" <eaton.lists@...il.com> To: 3APA3A <3APA3A@...urity.nnov.ru> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Re: Re[3]: RSA SecurID SID800 Token vulnerable by design On 9/11/06, 3APA3A <3APA3A@...urity.nnov.ru> wrote: > BE> Two-factor auth cannot be said to make accessing the network from a > BE> compromised PC "safe". That does not make two-factor auth useless. > BE> With plain passwords, once the attacker has the password, they can > BE> access the network at will. With two-factor auth, they can access > BE> the network for a much more limited time span. > > Network is compromised as long as attacker keeps control under > compromised host regardless of authentication. And sometimes longer. I think we're talking about different kinds of environments and authentication schemes. The example I had in mind was this one: - corporate web mail system requires two-factor auth for access - employee accesses the web mail system from a friend's machine that is loaded with spyware, authenticating using their token. - the spyware has access to the web mail system for as long as the token is in the machine - once the token is removed, the spyware can continue accessing the web mail system until the web mail system session expires So the damage is limited to what is stolen during the session, while with a password-only system the account could be used for an indefinite time period, i.e. until password change. <snip NTLM example> > It means, if authentication schema is NTLM-compatible (it must be for > compatibility with pre-Windows 2000 hosts and some network applications, > like Outlook Express), attacker can use compromised account to access > network resources without having access to 2-factor authentication > device. How long he can retain this access depends on how often > account's NT key is changed (usually with password change, but actually > depends on implementation of authentication system and may be never). Is this RSA whitepaper an example of what you are talking about? http://tinyurl.com/pb5n7 The whitepaper refers to Kerberos tickets, but the mechanism sounds like it could work with NTLM as well. I think the situation you are pointing out is where an authentication process requires an initial two-factor authentication, but then issues some kind of session key that takes a very long time to expire. That would seem to defeat the purpose of the two-factor auth. Regards, Brian _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists