Um, LDAP over SSL will get you a long way. Rate-limiting ldap_bind() requests is a little harder, I guess, but solving that is less work than designing a completely new protocol.
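The "rate-limiting ldap_bind() requests" idea from the comment above, as an added example that is not part of the thread: a per-client limiter on failed binds (sliding window of recent failures, then a temporary lockout) that an application or proxy in front of the directory could apply before forwarding a bind. The directory itself is replaced by a constructed in-memory lookup, and the clock is injected so the lockout expiry can be exercised without waiting.

```python
import time
from collections import defaultdict, deque


class BindRateLimiter:
    """Per-client limiter on failed bind attempts.

    A client that accumulates max_failures failed binds inside
    window_seconds is locked out for lockout_seconds; a successful
    bind clears its failure history.
    """

    def __init__(self, max_failures=5, window_seconds=60,
                 lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window_seconds
        self.lockout = lockout_seconds
        self.clock = clock
        self._failures = defaultdict(deque)  # client -> timestamps of recent failures
        self._locked_until = {}              # client -> time at which lockout ends

    def _prune(self, client, now):
        # Drop failures that have fallen outside the sliding window.
        q = self._failures[client]
        while q and now - q[0] > self.window:
            q.popleft()

    def allow(self, client):
        """True if the client may attempt a bind right now."""
        now = self.clock()
        until = self._locked_until.get(client)
        if until is not None:
            if now < until:
                return False
            # Lockout expired: forget it and start with a clean slate.
            del self._locked_until[client]
            self._failures[client].clear()
        return True

    def record_failure(self, client):
        """Register a failed bind; returns True if this failure triggers a lockout."""
        now = self.clock()
        self._prune(client, now)
        q = self._failures[client]
        q.append(now)
        if len(q) >= self.max_failures:
            self._locked_until[client] = now + self.lockout
            return True
        return False

    def record_success(self, client):
        self._failures.pop(client, None)


def guarded_bind(limiter, client, dn, password, do_bind):
    """Apply the limiter around a bind callable; returns a status string."""
    if not limiter.allow(client):
        return "throttled"          # rejected without touching the directory
    if do_bind(dn, password):
        limiter.record_success(client)
        return "ok"
    return "locked" if limiter.record_failure(client) else "invalid"


# Constructed stand-in for the directory; a real deployment would forward
# the bind to the LDAP server instead of comparing strings here.
_CONSTRUCTED_DIRECTORY = {"uid=alice,dc=example,dc=org": "correct horse battery"}


def _fake_bind(dn, password):
    return _CONSTRUCTED_DIRECTORY.get(dn) == password


class _FakeClock:
    """Manually advanced clock so the simulation runs instantly."""
    def __init__(self):
        self.t = 0.0

    def __call__(self):
        return self.t


def simulate():
    """Drive one guessing client and one legitimate client through the limiter."""
    clock = _FakeClock()
    limiter = BindRateLimiter(clock=clock)
    alice = "uid=alice,dc=example,dc=org"
    statuses = []
    for _ in range(6):  # five wrong guesses trigger lockout; the sixth is throttled
        statuses.append(guarded_bind(limiter, "10.0.0.7", alice, "wrong", _fake_bind))
    # Another client is unaffected by the first client's lockout.
    statuses.append(guarded_bind(limiter, "10.0.0.8", alice, "correct horse battery", _fake_bind))
    clock.t += 301  # lockout (300 s) has expired
    statuses.append(guarded_bind(limiter, "10.0.0.7", alice, "correct horse battery", _fake_bind))
    return statuses


if __name__ == "__main__":
    print(simulate())
```

Keying on the client rather than on the DN keeps one guessing source from locking a legitimate user out of their own account; a deployment that also wants per-account protection can run a second limiter keyed on the DN with its own thresholds.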
Posted Jan 8, 2013 14:03 UTC (Tue) by epa (subscriber, #39769)
Right, LDAP over SSL, but might the machine running the LDAP server not be compromised? The purpose of having a specific piece of hardware which stores and checks passwords, and supports no other operation, would be that even if the host system is 0wned the password store is not accessible.
Non-iterated
Posted Jan 8, 2013 14:42 UTC (Tue) by sbakker (subscriber, #58443)
(My LDAP comment was aimed at the notion of providing the USB device on cloud services. I don't see how you could get the physical USB device accessible from a cloud without using some networking stuff, in which case LDAP is just easier.)
Regarding the LDAP server being compromised or not, that depends on how well you protect/harden your LDAP server(s). I just don't see USB devices on each host scale very well and single sign-on is pretty much out of the question... Unless you attach your USB device to your LDAP server.
Also, how do you synchronise passwords in a HA environment? Given that the storage on the USB device is not accessible, it means you cannot make backups either. If the USB device breaks, that's it. Game over.
And, of course, you are assuming that the USB device has faultless security, and cannot be compromised itself. You still need to talk to it; over USB rather than IP, but buffers being buffers and programmers being programmers, I'm far from convinced there wouldn't be exploitable holes. Holes that would be that much harder to plug, because the device wouldn't (shouldn't!) allow you to fiddle with the firmware. Compare that to an apt-get/yum update to patch slapd.
Non-iterated
Posted Jan 8, 2013 15:54 UTC (Tue) by epa (subscriber, #39769)
All quite valid points. I guess it's not practical to use such a hardware approach. Getting people to sign in with Gmail or Facebook accounts may be a better answer to the problem.