On Tue 29/6/2021, at 9:47 pm, roy...@gmail.com wrote: > >> That itself wouldn't be a problem if we could just crypt all incoming >> password attempts before checking a username's existence - the problem is >> that the password crypt algorithm can vary per user, so the time will vary >> too. We have to guess which algorithm to use for unknown users. So rather >> than adding some complicated logic I just limited the password length. > > OK I got it. But does the risk become higher if I change > DROPBEAR_MAX_PASSWORD_LEN to higher value. for example, 200?
If a successful login for a 200 char password takes longer than ~250ms (svr-auth.c send_msg_userauth_failure()) then it's probably possible to figure if usernames exist on a system. That may or may not be a security problem depending on the situation. The length will depend on the speed and crypt algorithms of the system. Cheers, Matt
