upstream: Defend against user enumeration timing attacks. This establishes a minimum time for each failed authentication attempt (5ms) and adds a per-user constant derived from a host secret (0-4ms). Based on work by joona.kannisto at tut.fi, ok markus@ djm@. OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca

commit: e9d910b0289c820852f7afa67f584cef1c05fe95 [log] [tgz]
author: dtucker@openbsd.org <dtucker@openbsd.org> Fri Apr 13 03:57:26 2018 +0000
committer: Darren Tucker <dtucker@dtucker.net> Fri Apr 13 15:26:11 2018 +1000
tree: 207f618329c9df13a2278c71c95b1dc66450bb86
parent: d97874cbd909eb706886cd0cdd418f812c119ef9 [diff] [blame]
diff --git a/servconf.h b/servconf.h
index 37a0fb1..6d2553c 100644
--- a/servconf.h
+++ b/servconf.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.131 2018/04/13 03:57:26 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -209,6 +209,7 @@
 
 	int	fingerprint_hash;
 	int	expose_userauth_info;
+	u_int64_t timing_secret;
 }       ServerOptions;
 
 /* Information about the incoming connection as used by Match */
commit	e9d910b0289c820852f7afa67f584cef1c05fe95	[log] [tgz]
author	dtucker@openbsd.org <dtucker@openbsd.org>	Fri Apr 13 03:57:26 2018 +0000
committer	Darren Tucker <dtucker@dtucker.net>	Fri Apr 13 15:26:11 2018 +1000
tree	207f618329c9df13a2278c71c95b1dc66450bb86
parent	d97874cbd909eb706886cd0cdd418f812c119ef9 [diff] [blame]