venta@i2ack.UUCP (Paolo Ventafridda) (01/07/89)
I read about all those statistics on pw hacking due to "open" passwd
on Unix. The whole point is: with new software and hardware technologies
- like optimized DES routines, faster machines etc. - one could get
passwd and work it out on a local workstation.
It is possible that soon some CRAY (or whatever) gips computer will offer
good possibilities for such a thing in "reasonable" times.
So, the other point is that it is not so easy to make passwd not readable
by world, since too many commands use it (also "ls" does..), and anyway
this kind of work (changing the way most of the utilities work inside Unix)
should be done by Unix manufacturers themselves; otherwise, with all these
"patches" I guess many other holes would appear in the Big Swiss Cheese which
is Unix.
So, I don't know if someone has already thought about this, but maybe there IS
a solution. At least, this is what I found out..I called it "SLOG".
Suppose that passwd looks like this:
root:NOHACK:0:0:system Owner:/etc.etc.
foo:NOHACK:150:600:foo bar:/usr/foo etc.
logon::0:0:Secure logon procedure:/usr/logon:/usr/logon/slog
And suppose there's a daemon called "logdaemon" running from system boot,
which interacts with "slog".
When a user wants to get in, he has to enter as "logon", which will say
something like:
Please enter your account id: 4519sH8
Please enter your account pw: mypw
Access granted for user: foo password: Hg75so
Complete your logon within 120 seconds.
login: foo
Password: Hg75so
Welcome to ...
Basically, SLOG tells logdaemon to change foo's password to a new
randomly generated one. Logdaemon will then change it back to "NOHACK" after
120 seconds or whatever is decided for that user by the system manager.
Once every "x" days and/or "y" accesses, SLOG will tell user foo,
immediately after the "access granted" message, something like:
Your new account id is: TG6sa32
And also once every "z" days and/or "k" accesses:
Please change your account password.
New password: etc.
This means that:
1) there is no way of hacking /etc/passwd since there are no real passwords
inside.
2) there is no way of knowing which is the account id for a user, since this
account id is randomly generated too, and automatically changed once in a while.
3) at this point, even the really stupid secretary won't be a security problem
because of her simple passwords, like "pencil" (think of WarGames..);
one would always need her account id, which SLOG could be asked to
change also every time she logs in, if needed.
I guess she would always be asking root for the forgotten id/pw :-)
OF COURSE all files related to SLOG are well closed inside a private directory!
From the software point of view, I think this is really easy to do.
Just an idea. If someone thinks it could work, I would write it down.
I just *love* writing daemons...:-)
Greetings from Milano, Italy
This is my first posting on usenet from i2ack.
Please, for any email, take care that all EUnet backbones
will reject mail to/from i2ack. I am on pyramid, so if you
are outside Europe use pyramid!i2ack; if on EUnet use
the address " unido!altger!blue ".
I know this won't concern 99.9999% of you, but for that
0.0001% it would be disappointing to receive their email back!
Paolo Ventafridda
--
Paolo Ventafridda Via Ottoboni 6,20148 Milano - Italy Tel.+392-4032432
EUnet:blue@altger eucon:venta@i2ack BANG:{pyramid,altger,tmpmbx}!i2ack!venta
# If you mail me on i2ack, use pyramid path; I'm on eunet's lock-list..(sic) #

Makey@LOGICON.ARPA (Jeff Makey) (01/08/89)
In article <83@i2ack.UUCP> venta@i2ack.UUCP (Paolo Ventafridda) writes:
[description of SLOG password system deleted]
>OF COURSE all files related to SLOG are well closed inside a private directory!
As was brought up in the discussion of shadow password files, the effectiveness
of this sort of protection is questionable, at best. SLOG seems to be an overly
complicated authentication scheme that has no compelling advantages over the
use of a simple /etc/shadow file.
:: Jeff Makey
Department of Tautological Pleonasms and Superfluous Redundancies Department
Disclaimer: Logicon doesn't even know we're running news.
Internet: Makey@LOGICON.ARPA UUCP: {nosc,ucsd}!logicon.arpa!Makey
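The SLOG exchange from the first post above (the "logon" pseudo-user, the temporary password written into foo's passwd field, the reset to NOHACK after 120 seconds, and the periodic account-id rotation), as an added Python model that is not part of the original thread. The account id "4519sH8", the password "mypw" and the user "foo" are the post's own sample values; the injected clock and the `LogDaemon` class are constructed for illustration.

```python
import secrets
import string

NOHACK = "NOHACK"      # placeholder kept in the passwd field between logons
WINDOW_SECONDS = 120   # how long the temporary password stays valid

def _token(n=6):
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(n))

class LogDaemon:
    """Constructed model of the SLOG logdaemon; clock is injected for testing."""
    def __init__(self, clock):
        self.clock = clock
        # simulated /etc/passwd password fields: no real password is ever here
        self.passwd = {"root": NOHACK, "foo": NOHACK}
        # SLOG's private table: random account id -> (user, account pw)
        self.accounts = {"4519sH8": ("foo", "mypw")}
        self.pending = {}  # user -> time at which NOHACK must be restored

    def slog(self, account_id, account_pw):
        """Step 1: the 'logon' pseudo-user; issues a one-shot login password."""
        entry = self.accounts.get(account_id)
        if entry is None or not secrets.compare_digest(entry[1], account_pw):
            return None
        user, temp = entry[0], _token()
        self.passwd[user] = temp
        self.pending[user] = self.clock() + WINDOW_SECONDS
        return user, temp

    def expire(self):
        """Logdaemon housekeeping: restore NOHACK once the window has passed."""
        now = self.clock()
        for user, deadline in list(self.pending.items()):
            if now >= deadline:
                self.passwd[user] = NOHACK
                del self.pending[user]

    def login(self, user, password):
        """Step 2: the ordinary login; NOHACK can never match a typed password."""
        self.expire()
        stored = self.passwd.get(user)
        if stored is None or stored == NOHACK:
            return False
        return secrets.compare_digest(stored, password)

    def rotate_account_id(self, old_id):  # the "Your new account id is:" step
        new_id = _token(7)
        self.accounts[new_id] = self.accounts.pop(old_id)
        return new_id
```

Note that in this model, as in the post's sample session, the temporary password sits in the passwd field in the clear for the whole window, which is the kind of exposure the reply's preference for a simple /etc/shadow file avoids.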