On Sun, 2007-10-07 at 10:00 -0400, Steve Grubb wrote:
> On Sunday 07 October 2007 08:26:51 Lubomir Kundrak wrote:
> > > Leaking the information that a user exists or not is considered bad.
> >
> > Though I do not think that gdm is the right place to create user
> > accounts, I disagree with this statement.
> >
> > Knowing that a user exists or not is in principle about as
> > dangerous as knowing whether a machine is up or not.
>
> Remember all the times that login programs or pam have been updated to fix
> timing attacks that sometimes reveal whether an account is valid? Let me show
> you one to refresh your memory (there are more):
>
> http://marc.info/?l=bugtraq&m=105172058404810&w=2
>
> A successful account breach requires 3 things: a machine name, a valid
> account, and the password. Letting people know that an account is valid cuts
> the attack down to a dictionary attack.

So what about trying to hide the machine name? This is plain nonsense.

Time that was spent avoiding timing `attacks' was wasted. The _password_ is
meant to be a key that is to be hidden, not the account name. If anything,
dictionary attacks can be done against the username-password pair also.

-- 
Lubomir Kundrak (Red Hat Security Response Team)

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
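The kind of login-path timing leak Steve refers to, as an added illustration that is not part of the thread or of any pam/gdm code: a checker that rejects unknown names before hashing does measurably less work for them than for real accounts, while the hardened form derives a hash against a dummy record so both paths cost the same. The user table, passwords, salts and iteration count are all constructed for the example.

```python
"""Added example: username existence leaking through password-check timing,
and the uniform-work fix. Everything below is constructed sample data."""
import hashlib
import hmac
import os

ITERATIONS = 20_000   # constructed work factor; enough to make the cost visible
CALLS = [0]           # counts hash derivations so the work per path is observable


def _hash(password: str, salt: bytes) -> bytes:
    """Slow password hash; every call is counted."""
    CALLS[0] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed user table: username -> (salt, stored hash). Only "alice" exists.
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}

# Dummy record used for names that do not exist, so they still cost one hash.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)


def check_leaky(username: str, password: str) -> bool:
    """Leaky form: unknown names return before any hashing, so a rejection for
    a nonexistent account comes back far faster than one for a real account."""
    if username not in USERS:
        return False
    salt, stored = USERS[username]
    return hmac.compare_digest(_hash(password, salt), stored)


def check_uniform(username: str, password: str) -> bool:
    """Hardened form: always derive one hash (against the real record or the
    dummy), compare in constant time, and only then force unknown names to fail."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    return ok and username in USERS


def work_done(fn, username: str, password: str) -> int:
    """Number of hash derivations fn performs for this input (the timing proxy)."""
    before = CALLS[0]
    fn(username, password)
    return CALLS[0] - before


if __name__ == "__main__":
    for fn in (check_leaky, check_uniform):
        print(fn.__name__, "known:", work_done(fn, "alice", "x"),
              "unknown:", work_done(fn, "bob", "x"))
```

With the leaky checker an observer sees 1 derivation for a real name and 0 for an unknown one; the uniform checker performs exactly 1 in both cases, so response time no longer distinguishes them.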