pokey@well.UUCP (Jef Poskanzer) (11/16/88)
In the referenced message, bzs@encore.com (Barry Shein) wrote:
}The following proposals seem to be on the table:
} 1. Improve the encryption algorithm so brute force attack
} on even relatively "easy" passwords becomes difficult.
} 2. Improve software which ensures users choose hard to crack
} passwords.
} 3. Shadow passwords.

Good enumeration. But what's wrong with doing all three, plus more if you can think of any? Protecting the encrypted passwords isn't admitting that if they get out you are compromised; it is merely part of a defense in depth. It might delay the attack weeks or months, while the cracker waits to get ahold of the shadow password file. That is worthwhile.

Also, one point seems to have been missed by everyone regarding proposal 1 above. Yes, it makes brute force attacks 50 to 100 times harder. But it also discourages the more sophisticated pre-computed attack described by Dennis Mumaugh, because the attacker does not know in advance exactly what the encryption function is. He can't just grab his CD-ROM filled with the encrypted lexicon with all salts. He must first figure out exactly how many iterations of DES are being used on the target site. So this is another part of a defense in depth.

Of course, there is a trade-off involved in making your site's security non-standard. The upside is that you become less vulnerable to mass attacks such as the rtm worm or Mumaugh's pre-computed lexicon. The downside is that you are no longer quite as confident that your security measures are free from holes. I mean, software from reputable sources such as Berkeley and Sun has been pounded on by so many people that it must be secure, right? Right?

Anyway, none of this matters too much while passwords are still flying over the ethernet in the clear.
---
Jef

Jef Poskanzer jef@rtsg.ee.lbl.gov ...well!pokey
My .forward contains "| sed '1,/^$/d | /bin/sh ; exit 0".
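
Added example, not part of the original post: a small audit sketch of the point about pre-computed lexicons, showing that a table built for the standard iteration count finds nothing at a site using a different count, while a weak password is exposed again once the count is known. Assumptions: SHA-256 stands in for DES so the code runs with the Python standard library alone, and the lexicon, salts, accounts and function names are all constructed for illustration.

```python
import hashlib

# Constructed sample data: a tiny lexicon and three of the possible 2-character salts.
LEXICON = ["password", "wizard", "sendmail"]
SALTS = ["ab", "Jf", "x9"]
STANDARD_ROUNDS = 25  # traditional crypt(3) applies DES 25 times


def site_hash(password: str, salt: str, rounds: int) -> str:
    """Stand-in for iterated-DES crypt(3): SHA-256 applied `rounds` times.

    Assumption: SHA-256 replaces DES; only the iteration structure matters here.
    """
    digest = (salt + password).encode()
    for _ in range(rounds):
        digest = hashlib.sha256(digest).digest()
    return salt + digest.hex()


def precompute(lexicon, salts, rounds):
    """Map every (salt, word) hash back to its word, for one fixed round count."""
    return {site_hash(w, s, rounds): w for s in salts for w in lexicon}


def exposed_accounts(shadow, table):
    """Accounts whose stored hash appears in a precomputed table (audit view)."""
    return {user: table[h] for user, h in shadow.items() if h in table}


def make_shadow(rounds):
    """Constructed password file: alice uses a lexicon word, bob does not."""
    return {
        "alice": site_hash("wizard", "Jf", rounds),
        "bob": site_hash("c0rrect-h0rse", "ab", rounds),
    }


# The table an attacker could prepare in advance, valid only for the standard count.
STANDARD_TABLE = precompute(LEXICON, SALTS, STANDARD_ROUNDS)

if __name__ == "__main__":
    for rounds in (STANDARD_ROUNDS, 1000):
        hits = exposed_accounts(make_shadow(rounds), STANDARD_TABLE)
        print(f"site rounds={rounds}: hits against standard table = {hits}")
```

The non-standard count only invalidates work done in advance; rebuilding the table with the site's count exposes alice again, which is why proposal 2 still matters.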