[Freedombox-discuss] Block brute force login attacks?

[Lorenzo]

On 15. 06. 14 17:18, Sandy Harris wrote:
> "  Bcrypt is the default for NetBSD. It is available in the
> "  Ubuntu repositories, so I presume also in Debian. I'd
> "  say it should be the default for the box, and we could
> "  ask the Debian folks to look at whether it might
> "  become the default for Debian.
>

Using bcrypt to block bruteforce password logins should be done in a 
careful way. If the box has to compute the hash then the attacker has an 
easy way launch a DoS: It just has to initiate a lot of connection 
attempts and the box would use all the CPU time computing bcrypt hashes. 
If it would be possible to make the client compute the bcrypt hash of a 
challenge then that would be nice, but I don't think support for this is 
widely available.

One could also keep the benefit of bcrypt, namely the delay, but avoid 
the computation overhead:

pam_faildelay (8) could be for instance a simple yet effective option. 
This pam module introduces a delay between the moment the authentication 
fails and the moment in which the client performing the authentication 
is notified of the failure. Using this tool one can divide by orders of 
magnitude the number of attempts per second that an attacker can do.

Clearly a smart attacker can kill the connection before receiving the 
failure message when it notices that it is taking too long but doing so 
it risks to kill too early the attempt with the correct password. To 
really prevent this type of attack one should insert a delay also in 
successful connections (say 60 seconds), but this would probably be a 
pain to use and I don't think pam_faildelay would support this use case. 
And even then an attacker could try to initiate many connections...

Well it's a complex problem, just wanted to contribute my 2 cts :)