Re: Weak passwords and brute force attacks

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Gavin Sherry <swm(at)linuxworld(dot)com(dot)au>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Weak passwords and brute force attacks
Date: 2006-12-08 05:06:38
Message-ID: 25406.1165554398@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
> On Tue, 5 Dec 2006, Tom Lane wrote:
>> Gavin Sherry <swm(at)linuxworld(dot)com(dot)au> writes:
>>> The second mechanism is the delay on authentication failure.

>> This is a waste of effort, unless you propose to put the delay into both
>> the success and failure paths, which hardly seems acceptable. Otherwise
>> a guesser need only abandon the connection attempt after X microseconds
>> and try another password.

> That doesn't seem to be what PAM does, at leasts in the default config.
> What they do do is to sleep for a random period between no sleep and the
> threshold, so that the attacker cannot guess the appropriate time to wait
> before hanging up.

No, you missed my point: the attacker doesn't need to guess what the
failure delay is. As long as he has a pretty good idea what the
*success* response time ought to be, he can give up as soon as a bit
more than that has elapsed. Yup, it's probabilistic because there's
some uncertainty about the backend launch time, but what does he
care? Brute-force password attacks are always probabilistic.

A delay in the failure case is only helpful if you have some active way
to prevent the attacker from making another try before the delay has
elapsed. Which is something we don't have, at least not without
introducing a lot more complexity/fragility into the postmaster than
seems wise to me.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Tom Lane 2006-12-08 05:21:38 Re: Load distributed checkpoint
Previous Message ITAGAKI Takahiro 2006-12-08 04:40:38 Re: Load distributed checkpoint