Re: Openssh use enumeration

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

On Thu, Jul 21, 2016 at 1:48 PM, Darren Tucker <dtucker@xxxxxxxxxx> wrote:
[...]
> Well if there are no accounts with a valid salt then there's also no
> valid account to compare the timing of invalid accounts against.
> Worst case that'd be DES crypt vs empty password and I'm not sure if
> you'd be able to pick that out of the background crypto.

I just measured the speed of DES crypt on a somewhat elderly 2.1GHz
Xeon X3210 at about 7 microseconds.  Good luck picking that out of
Diffie-Hellman exchange over a network.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux