Re: [chrony-dev] Support for another crypto hash?



On Mon, Nov 07, 2011 at 03:56:49PM -0800, Bill Unruh wrote:
> There are I think two places where chrony uses passwords. One is in chronyc to
> allow a user to execute sensitive remote commands. The other is in the
> password protected ntp exchange, to ensure that the sources of your time have
> not been subverted by an adversary-- imagine the problems if you are a
> currency trader, and your clock is made 10 seconds fast.

In chrony both are the same, only the verified packets have different
format. One is the standard NTP packet and the other is the cmdmon
packet with request or reply.

> >Sorry, bit confused about where we need a password and where a hash
> >
> >Point anyway is that if the hash is leaked then bruteforcing is
> >extremely feasible unless a "slow" hash is used.  I think that
> >summarises my side of the topic!

Slow hash would allow a client to use all of the CPU just by trying to
authenticate several times per second.

> Hashes are used for two things-- verification, and password checking.
> Verification is fine to use a fast hash (i.e., making sure that the message has
> not been changed in transmission to you.) Password checking needs a slow hash
> to protect against database leaks.

We use it only for verification, the password entered in chronyc is
the secret key used to generate the MAC appended to cmdmon packets.

I think a useful feature which could improve the security would be
ability in chronyc to read the command key directly from the keyfile.
If users are not required to enter the password manually, it's likely
they will use longer and stronger passwords.

If a better scheme is needed I think it should be a standard protocol
like SSL. We would probably need to switch to TCP and then it would
make sense to use a text based protocol.

-- 
Miroslav Lichvar
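To make the verification-vs-password-checking distinction in this reply concrete, here is an added example that is not chrony's code: the packet bytes, the key and the HMAC-SHA256 construction are constructed assumptions, not chrony's wire format. It appends a MAC to a packet, verifies it in constant time, and measures what happens to the receiver's per-packet cost if the MAC is instead derived through a slow KDF on every packet.

```python
import hashlib
import hmac
import time

# Constructed sample "packet" standing in for a cmdmon request; the real
# chrony packet layout is not reproduced here (assumption for illustration).
PACKET = b"cmdmon-request:settime:1320710209"
KEY = b"correct horse battery staple"  # constructed shared key
MAC_LEN = 32  # HMAC-SHA256 / PBKDF2-SHA256 output length


def mac_fast(key: bytes, packet: bytes) -> bytes:
    """Keyed MAC with a fast hash: one HMAC per packet on the receiver."""
    return hmac.new(key, packet, hashlib.sha256).digest()


def mac_slow(key: bytes, packet: bytes, iterations: int = 50_000) -> bytes:
    """Same role, but the tag is derived through a slow KDF on every packet.
    This is the 'slow hash' proposal applied to an online verification path;
    the packet serves as the salt (assumption, for illustration only)."""
    return hashlib.pbkdf2_hmac("sha256", key, packet, iterations, MAC_LEN)


def append_mac(key: bytes, packet: bytes, mac_fn) -> bytes:
    """Sender side: frame = packet || MAC(key, packet)."""
    return packet + mac_fn(key, packet)


def verify(key: bytes, frame: bytes, mac_fn) -> bool:
    """Receiver side: recompute the MAC and compare in constant time so a
    forger learns nothing about the correct tag from response timing."""
    packet, tag = frame[:-MAC_LEN], frame[-MAC_LEN:]
    return hmac.compare_digest(tag, mac_fn(key, packet))


def cost_per_verify(mac_fn, rounds: int = 5) -> float:
    """Average wall-clock seconds the receiver spends verifying one frame."""
    frame = append_mac(KEY, PACKET, mac_fn)
    t0 = time.perf_counter()
    for _ in range(rounds):
        verify(KEY, frame, mac_fn)
    return (time.perf_counter() - t0) / rounds


def slowdown_ratio() -> float:
    """How much more CPU each unauthenticated packet costs with the slow MAC."""
    return cost_per_verify(mac_slow) / cost_per_verify(mac_fast)


if __name__ == "__main__":
    print(f"slow/fast cost per verification: {slowdown_ratio():.0f}x")
```

The ratio is the attacker's free multiplier: every packet a sender can emit, valid or not, forces the receiver to pay the slow derivation before it can reject it, which is why a slow hash belongs in password storage and not in a per-packet MAC.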
