author | dtucker@openbsd.org <dtucker@openbsd.org> | 2018-04-13 03:57:26 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2018-04-13 15:26:11 +1000 |
commit | e9d910b0289c820852f7afa67f584cef1c05fe95 (patch) | |
tree | 207f618329c9df13a2278c71c95b1dc66450bb86 /servconf.h | |
parent | d97874cbd909eb706886cd0cdd418f812c119ef9 (diff) |
upstream: Defend against user enumeration timing attacks. This
establishes a minimum time for each failed authentication attempt (5ms) and
adds a per-user constant derived from a host secret (0-4ms). Based on work
by joona.kannisto at tut.fi, ok markus@ djm@.
OpenBSD-Commit-ID: b7845b355bb7381703339c8fb0e57e81a20ae5ca
Diffstat (limited to 'servconf.h')
-rw-r--r-- | servconf.h | 3 |
1 files changed, 2 insertions, 1 deletions
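--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.130 2017/10/25 00:19:47 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.131 2018/04/13 03:57:26 dtucker Exp $ */
 
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -209,6 +209,7 @@ typedef struct {
 
 int fingerprint_hash;
 int expose_userauth_info;
+u_int64_t timing_secret;
 } ServerOptions;
 
 /* Information about the incoming connection as used by Match */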
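Review bot: The new `timing_secret` member of `ServerOptions` has no comment, although the commit message describes it as host-secret material rather than an administrator-set option like the fields around it. A short comment would tell maintainers to keep it out of anything that prints or serialises the options, for example `u_int64_t timing_secret;	/* host-secret-derived seed for auth failure delay; not a config option, never log or dump */`. Where the value is initialised is not visible in this file, so it is worth confirming that it cannot stay at a fixed default when no host secret is available, since the per-user offset would then presumably be predictable across hosts. The struct definition starts outside this hunk.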