
Re: [Openvpn-users] Username/Password authentication strengh

  • Subject: Re: [Openvpn-users] Username/Password authentication strengh
  • From: James Yonan <jim@xxxxxxxxx>
  • Date: Tue, 28 Dec 2004 16:26:35 -0700 (MST)

On Tue, 28 Dec 2004, Mathias Sundman wrote:

> I'm about to set up an OpenVPN solution where ease of management weighs
> higher than maximum security, so I'm thinking about writing a simple
> script that allows me to have a simple text file
> with USERNAME <SPACE> PASSWORD on each row and use this for
> username/password based authentication in OpenVPN.
> That will allow very easy adding and removing of users, and the
> username/password can easily be read to users over the phone. I can also
> create a customized Windows installation package containing the config file
> as well as the CA certificate. Then there's no need to distribute anything,
> and nothing more to configure on the client. Install, get username/psw
> over the phone and you're ready to rock n' roll!
> However, password based authentication is usually dismissed as NOT SECURE!
> I just wonder how weak it really is?

> What are the actual threats, and how would you go about breaking it?

The lowered security from using passwords comes from:

(1) the usual password caveats -- weak passwords, vulnerable to sniffing 
by spyware, users write them down, etc.

(2) with any network software, there will be some percentage of the code 
which handles network packets, or data derived or extracted from those 
packets, before the sender has been authenticated.

Concerning (2), most software which has chronic buffer overflow problems
tends to have these problems because too many thousands of lines of code
can potentially be touched or influenced by unauthenticated packets, so 
it's easier for an attacker to find a security bug in so many lines of 

That's of course why we use firewalls rather than separately try to build 
security into every application.  The firewall lets a <10,000 line program 
protect millions of lines of possibly insecure application code which 
lies behind the firewall.

OpenVPN tries to significantly reduce the number of lines of code which
unauthenticated packets can touch.  The best security along these lines
would be to use --tls-auth -- this reduces the number of lines of code in
OpenVPN which can be touched by unauthenticated packets to several
hundred.  It also means that 0 lines of code in the SSL/TLS implementation
of OpenSSL will be touched.

Without tls-auth and with certificates, the number of touched lines of 
code rises into the thousands.

And without tls-auth and without certificates but only using 
username/password auth, the number of touched lines is even higher than 

Another way of saying this is that with username/password-only auth, even 
an attacker who doesn't have the right credentials can get "deeper" into 
the OpenVPN and OpenSSL code before the red flag gets raised. 

> With normal cryptography where you have access to both the ciphertext and
> plaintext you can easily do an off-line brute-force attack, but as I have 
> understood it, with a properly designed password authentication protocol, 
> it is not possible to sniff the traffic and do an off-line brute-force 
> attack on this data, is this correct?

You couldn't sniff the password easily because it's encrypted via the TLS 

> If that is true I trust OpenVPN is designed that way too!
> The other obvious way to attack it is to do an on-line brute-force attack. 
> How does OpenVPN protect against this? I couldn't find any options to 
> restrict how many authentication attempts to allow within a given time, or 
> a way to lock an account after too many attempts (perhaps for a given time
> period) -- or is this completely up to the --auth-user-pass-verify script
> to handle?

Right now there's no active attempt to prevent a brute-force attack when
certificate-based authentication is disabled.  The username/password retry
rate would be constrained by the TLS negotiation time.  The client would
need to do a new TLS negotiation for each username/password try.  This
would likely make brute-force attacks infeasible unless the password was
short or easily guessable.

> If it's impossible to do off-line brute-force attacks, and on-line attacks
> are restricted properly by not allowing indefinite attempts in a short time,
> what is it that makes password based authentication so weak?

I would expect password-only security in OpenVPN to be comparable in terms
of strength of security with password-only ssh or visiting a https site on
the web and entering a password.  The main security issues will be in 
using a strong password and preventing it from being stolen by spyware or 
physical machine theft.

Also, consider using a --tls-auth key if possible.  You can use tls-auth 
with username/password auth and without certificates, and it will give you 
better security than username/password alone.

Another thing to think about would be changing the KEY_EXPANSION_ID string
in ssl.h.  This would make it difficult for someone who managed to steal
a password only (but not the openvpn binary itself) to use that password
in a stock version of OpenVPN to connect to the server.
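An added example, not code from this thread or from OpenVPN itself: an --auth-user-pass-verify script in the via-file form (OpenVPN hands the script a temporary file with the username on line 1 and the password on line 2, and a zero exit status grants the connection), checking against a USERNAME HASH file instead of the plaintext USERNAME PASSWORD rows the question proposes, so that a stolen user file does not hand over every password. The database path, the helper names and the use of `openssl passwd -6` (SHA-512-crypt) are assumptions of this example.

```shell
#!/bin/sh
# Example --auth-user-pass-verify script (via-file method), not part of OpenVPN.
# Assumed user database format: one "USERNAME HASH" row per line, where HASH is
# a $6$salt$... string produced by `openssl passwd -6`.
USERDB="${USERDB:-/etc/openvpn/users.db}"   # assumed path

# verify_user CREDFILE USERDB -> exit status 0 if the pair matches, 1 otherwise.
verify_user() {
    credfile="$1"; userdb="$2"
    user=$(sed -n '1p' "$credfile")
    pass=$(sed -n '2p' "$credfile")
    # Reject empty or odd-looking usernames before they reach awk or the DB.
    case "$user" in
        ''|*[!A-Za-z0-9_.@-]*) return 1 ;;
    esac
    stored=$(awk -v u="$user" '$1 == u { print $2; exit }' "$userdb")
    [ -n "$stored" ] || return 1
    # Re-hash the offered password with the stored salt (third $-separated
    # field of $6$salt$hash) and compare against the stored string.
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    computed=$(printf '%s\n' "$pass" | openssl passwd -6 -salt "$salt" -stdin)
    [ "$computed" = "$stored" ]
}

# add_user USERDB NAME PASSWORD -> appends a hashed row (admin-side helper).
add_user() {
    printf '%s %s\n' "$2" "$(printf '%s\n' "$3" | openssl passwd -6 -stdin)" >> "$1"
}

# When OpenVPN invokes the script, $1 is the credentials file it wrote.
if [ -n "$1" ]; then
    verify_user "$1" "$USERDB"
    exit $?
fi
```

Reference it from the server config with `auth-user-pass-verify /path/to/script via-file`, and pair it with the --tls-auth key the reply recommends so that unauthenticated packets never reach the password path at all.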

