[net.crypt] Using crypt with ksh

jsw@hou2h.UUCP (J.SOLTES) (01/17/85)

[.lunch]

  I just realized a problem with using crypt with ksh. Since ksh
maintains a .history file with previously executed commands in it,
the crypt command line (which includes the key) is added to .history!
Worse yet, .history is kept in your HOME directory, which is usually
the least protected! Is there a better way around this than editing
the lines out of .history?

				John Soltes - AT&T Consumer Products

Just because you're paranoid doesn't mean they're not out to get you.

ka@hou3c.UUCP (Kenneth Almquist) (01/21/85)

The .history file is (or should be!) in 600 mode, which provides a
certain amount of protection.  For best results, let crypt prompt you
for the key instead of giving it as an argument.
				Kenneth Almquist

rjk@mgweed.UUCP (Randy King) (01/28/85)

<><><><>

Two options come to mind:

	1) Force crypt to prompt you by not supplying the key on
	   the command line.

	2) Define   HISTFILE=$HOME/some/deep/directory/.history
	   and also in your ".profile":   trap 'rm -f $HISTFILE' 0
	   so that the history file is removed on log off.

						Randy King
						AT&T-CP@MG
						ihnp4!mgweed!rjk
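The three pieces of advice in this thread so far (let crypt prompt for the key, keep .history at mode 600, and move it under HISTFILE into a private directory with a logoff trap), plus the original poster's fallback of editing the offending lines out, can be put together in a few shell functions. The block below is an added example, not code from any poster; it assumes a POSIX sh, and the function names, the history directory and the sample history lines are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): practical handling of a ksh .history
# file that may contain "crypt KEY ..." command lines.  Assumes POSIX sh.

# Count history lines where crypt was handed its key as an argument.
# A safe invocation ("crypt <in >out", or "crypt" alone, which prompts)
# has only a redirection, pipe or nothing after the command name; any other
# word in that position is treated as a key given on the command line.
count_key_leaks() {
    grep -cE '(^|[;&| ])crypt[[:space:]]+[^<>|&;[:space:]]' "$1" || true
}

# Rewrite the history file with those lines removed, preserving mode 600
# (the original poster's "editing the lines out of .history", automated).
scrub_key_leaks() {
    tmp="$1.scrub.$$"
    grep -vE '(^|[;&| ])crypt[[:space:]]+[^<>|&;[:space:]]' "$1" > "$tmp" || true
    chmod 600 "$tmp"
    mv -f "$tmp" "$1"
}

# Kenneth Almquist's check: return 0 when the file is owner read/write only
# (mode 600), 1 otherwise.  ls -ld is used because stat(1) differs by system.
history_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# Randy King's option 2: keep the history file in a private directory and
# remove it at logoff (trap on 0, i.e. EXIT, as in his .profile line).
setup_private_history() {
    dir="$1"
    mkdir -p "$dir" && chmod 700 "$dir"
    HISTFILE="$dir/.history"
    export HISTFILE
    : > "$HISTFILE"
    chmod 600 "$HISTFILE"
    trap 'rm -f "$HISTFILE"' 0
}

# --- demonstration on a constructed history file ---
demo_dir="${TMPDIR:-/tmp}/histdemo.$$"
setup_private_history "$demo_dir"
cat > "$HISTFILE" <<'EOF'
ls -l
crypt secretkey <letter >letter.x
crypt <letter.x
cat letter.x | crypt secretkey | mail kurt
mail -s hello jsw
EOF
echo "leaks before scrub: $(count_key_leaks "$HISTFILE")"   # 2
scrub_key_leaks "$HISTFILE"
echo "leaks after scrub:  $(count_key_leaks "$HISTFILE")"   # 0
history_is_private "$HISTFILE" && echo "history file is mode 600"
rm -f "$HISTFILE"
rmdir "$demo_dir"
```

Only the two lines that put the key after `crypt` are flagged; the bare `crypt <letter.x`, which makes crypt prompt for the key, survives the scrub. The trap is the same one Randy gives for .profile, so once it is installed there the scrub only matters for history left over from sessions that ended abnormally.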

emks@uokvax.UUCP (01/29/85)

/***** uokvax:net.crypt / trsvax!gordon /  8:25 pm  Jan 20, 1985 */
If crypt is entered without a key, it will ask for one from the terminal.
(At least on 4.1bsd and Xen*x (v7 clone), it does).  This is a fairly secure 
method of key entry compared to putting it on the command line:  it keeps the 
key out of .history files, it keeps it away from someone doing a ps at the 
wrong time, and it is never visible to the person standing behind you looking
at your crt, as long as he also can't see what your fingers are typing.  If 
your version of UN*X crypt doesn't have this capability, it ought to.
/* ---------- */
True.  I might point out that unless your system also has magic things like
/dev/{k,}mem secured, you're asking someone (albeit a *knowledgeable* someone)
to take your {login,crypt,secretmail,etc.} key away from you.  And since
few people use more than two or three passwords for these sorts of things,
the possibility of compromise becomes great.

Sigh...

		kurt