venta@i2ack.UUCP (Paolo Ventafridda) (01/07/89)
I read about all those statistics on pw hacking due to the "open" passwd on Unix. The whole point is: with new software and hardware technologies (like optimized DES routines, faster machines etc.) one could get passwd and work it out on a local workstation. It is possible that soon some CRAY (or whatever) gips computer will offer good possibilities for such a thing in "reasonable" times.

So, the other point is that it is not so easy to make passwd not readable by world, since too many commands use it (also "ls" does..), and anyway this kind of work (changing the way most of the utilities work inside Unix) should be done by the Unix manufacturers themselves; otherwise, with all these "patches" I guess many other holes would appear in the Big Swiss Cheese which is Unix.

So, I don't know if someone already thought about this, but maybe there IS a solution. At least, this is what I found out... I called it "SLOG".

Suppose that passwd looks like this:

    root:NOHACK:0:0:system Owner:/etc.etc.
    foo:NOHACK:150:600:foo bar:/usr/foo etc.
    logon::0:0:Secure logon procedure:/usr/logon:/usr/logon/slog

And suppose there's a daemon called "logdaemon" running from system boot, which interacts with "slog". When a user wants to get in, he has to enter as "logon", which will say something like:

    Please enter your account id: 4519sH8
    Please enter your account pw: mypw
    Access granted for user: foo   password: Hg75so
    Complete your logon within 120 seconds.
    login: foo
    Password: Hg75so
    Welcome to ...

Basically, SLOG tells logdaemon to change foo's password to a new randomly generated one. Logdaemon will then change it back to "NOHACK" after 120 seconds, or whatever is decided for that user by the system manager. Once every "x" days and/or "y" accesses, SLOG will tell user foo, immediately after the "access granted" message, something like:

    Your new account id is: TG6sa32

And also once every "z" days and/or "k" accesses:

    Please change your account password.
    New password: etc.
This means that:

1) There is no way of hacking /etc/passwd, since there are no real passwords inside.
2) There is no way of knowing which is the account id for a user, since this account id is randomly generated too, and automatically changed once in a while.
3) At this point, even the really stupid secretary won't be a security problem because of her simple passwords, like "pencil" (think of WarGames..); one should always get her account id, which SLOG could be asked to change every time she logs in, if needed. I guess she would always be asking root for the forgotten id/pw :-)

OF COURSE all files related to SLOG are well closed inside a private directory!

From the software point of view, I think this is really easy to do. Just an idea. If someone thinks it could do, I would write it down. I just *love* writing daemons...:-)

Greetings from Milano, Italy. This is my first posting on usenet from i2ack. Please, for any email, take care that all of the EUnet backbones will reject mail to/from i2ack. I am on pyramid, so if you are outside Europe use pyramid!i2ack; if on EUnet use the address "unido!altger!blue". I know this won't concern 99.9999% of you, but for that 0.0001% it would be disappointing to receive back their email!

Paolo Ventafridda
--
Paolo Ventafridda   Via Ottoboni 6, 20148 Milano - Italy   Tel. +392-4032432
EUnet: blue@altger   eucon: venta@i2ack   BANG: {pyramid,altger,tmpmbx}!i2ack!venta
# If you mail me on i2ack, use the pyramid path; I'm on eunet's lock-list..(sic) #
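A small in-memory simulation of the SLOG exchange described in the post above, added here as an illustration (it is not Paolo's code or anything from the thread). The 120-second window is the post's; the account-id rotation interval is assumed at 5 accesses since the post leaves "y" open, and expiry is driven by a caller-supplied clock instead of a real daemon.

```python
import secrets
import string

TEMP_PW_TTL = 120       # seconds the temporary password stays valid (from the post)
ROTATE_ID_EVERY = 5     # accesses between account-id rotations (the post's "y"; value assumed)
PLACEHOLDER = "NOHACK"  # what /etc/passwd holds for every real user

def random_token(n=7):
    return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(n))

class LogDaemon:
    def __init__(self):
        self.passwd = {}    # user -> password field as /etc/passwd would show it
        self.accounts = {}  # account id -> [user, account pw, access count]: SLOG's private file
        self.expiry = {}    # user -> time at which the temporary password is revoked

    def add_user(self, user, account_id, account_pw):
        self.passwd[user] = PLACEHOLDER
        self.accounts[account_id] = [user, account_pw, 0]

    def slog_request(self, account_id, account_pw, now):
        """What the 'logon' account does: trade id + pw for a short-lived real password."""
        acct = self.accounts.get(account_id)
        if acct is None or not secrets.compare_digest(acct[1], account_pw):
            return None
        user = acct[0]
        temp = random_token()
        self.passwd[user] = temp                 # logdaemon sets the real password
        self.expiry[user] = now + TEMP_PW_TTL    # ... and schedules its removal
        acct[2] += 1
        new_id = None
        if acct[2] % ROTATE_ID_EVERY == 0:       # "Your new account id is: ..."
            new_id = random_token()
            self.accounts[new_id] = self.accounts.pop(account_id)
        return {"user": user, "password": temp, "new_account_id": new_id}

    def expire(self, now):
        """Daemon housekeeping: put the placeholder back once the window closes."""
        for user, deadline in list(self.expiry.items()):
            if now >= deadline:
                self.passwd[user] = PLACEHOLDER
                del self.expiry[user]

    def login(self, user, password, now):
        """Ordinary login: only the passwd field is consulted, and the placeholder never matches."""
        self.expire(now)
        field = self.passwd.get(user)
        if field is None or field == PLACEHOLDER:
            return False
        return secrets.compare_digest(field, password)
```

What the model makes visible is that the account id / account pw table SLOG keeps is a credential store in its own right, so the file permissions on that private directory carry the whole scheme.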
Makey@LOGICON.ARPA (Jeff Makey) (01/08/89)
In article <83@i2ack.UUCP> venta@i2ack.UUCP (Paolo Ventafridda) writes:

[description of SLOG password system deleted]

>OF COURSE all files related to SLOG are well closed inside a private directory!

As was brought up in the discussion of shadow password files, the effectiveness of this sort of protection is questionable, at best. SLOG seems to be an overly complicated authentication scheme that has no compelling advantages over the use of a simple /etc/shadow file.

                           :: Jeff Makey

Department of Tautological Pleonasms and Superfluous Redundancies Department
    Disclaimer: Logicon doesn't even know we're running news.
    Internet: Makey@LOGICON.ARPA    UUCP: {nosc,ucsd}!logicon.arpa!Makey