brad@looking.UUCP (Brad Templeton) (11/11/88)
The philosophy behind the readable password file is old, but was valid at the time, I think. The idea was that non-encrypted passwords in an unreadable file is no kind of password security, although it's exactly the kind of security that GCOS has. If you use this method, then any problem which allows mere *read* access to disks is enough to get complete, often undetectable, access to the system. For example, just physical access to disk packs or backup tapes is enough.

So when they made the Unix password file, as I understand it, they said, "We have to assume people will get at the password entries, so let's put all our security into encryption." With hindsight, it seems a combination is in order, but the philosophy that you should assume that any sophisticated cracker will get to read them still should apply.

--
Brad Templeton, Looking Glass Software Ltd. -- Waterloo, Ontario 519/884-7473
sloane@kuhub.cc.ukans.edu (Bob Sloane) (11/15/88)
In article <2327@looking.UUCP>, brad@looking.UUCP (Brad Templeton) writes:
> ...
> The idea was that non-encrypted passwords in an unreadable file is no
> kind of password security, although it's exactly the kind of security
> that GCOS has.
>

If you mean GCOS from Honeywell, they have been encrypting passwords for many years. Look at the documentation for DRL T.CRYP or MME GESECR. The encrypted password ONLY is stored in the System Master Catalog. This is not to say that GCOS is a completely secure OS. Does anyone out there remember the "$ PRIVIT" card? That was fun until they fixed it.

+-------------------+-------------------------------------+------------------+
| Bob Sloane \Internet: SLOANE@KUHUB.CC.UKANS.EDU/Anything I said is |
| Computer Center \ BITNET: SLOANE@UKANVAX.BITNET / my opinion, not my |
| University of Kansas\ AT&T: (913) 864-0444 / employer's. |
+-----------------------+-----------------------------+----------------------+