You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was looking at your module to manage our ossec infrastructure, and one aspect I am particularly concerned about is key management.
The default ossec-authd doesn't provide enrollment security: any server can contact the authd server and join the ossec infrastructure, which isn't great.
I was hoping that your module would provide a more secure way of dealing with keys. But it seems that you generate them by calculating two md5 strings from non-secret information. There is no random, except for a seed stored in manifests/agentkey.pp that is statically defined. My understanding of your module is that any intruder that has access to the seed can guess all the agent keys fairly easily.
I, unfortunately, do not have a proposal to fix this, other than extracting the key management outside of the module itself.
Please confirm. If I had missed something, and your module is in fact secure, then I'd love to use it in our environment.
The text was updated successfully, but these errors were encountered:
I was looking at your module to manage our ossec infrastructure, and one aspect I am particularly concerned about is key management.
The default
ossec-authddoesn't provide enrollment security: any server can contact the authd server and join the ossec infrastructure, which isn't great.I was hoping that your module would provide a more secure way of dealing with keys. But it seems that you generate them by calculating two md5 strings from non-secret information. There is no random, except for a seed stored in
manifests/agentkey.ppthat is statically defined. My understanding of your module is that any intruder that has access to the seed can guess all the agent keys fairly easily.I, unfortunately, do not have a proposal to fix this, other than extracting the key management outside of the module itself.
Please confirm. If I had missed something, and your module is in fact secure, then I'd love to use it in our environment.
The text was updated successfully, but these errors were encountered: