pmaniac@walt.cc.utexas.edu (Noah Friedman) (06/03/90)
In article <6703@blake.acs.washington.edu> mrc@Tomobiki-Cho.CAC.Washington.EDU (Mark Crispin) writes: >... There are lessons to be learned, starting with the >abolishment of /etc/passwd and user access to the encryption >algorithm. I don't know that this is necessary. While it's possible that someone already has worked out a way to reverse DES, having access to /etc/passwd is quite useful. A number of my programs use information in this database, including the password field, so that other users can use their own passwords for various options while running my programs. If DES is breakable, then a new algorithm needs to be implemented. And users should be encouraged to choose good passwords, otherwise it doesn't matter what encryption mechanism is used. It's probably already been mentioned, but there is no good way to hide the encryption algorithm. Even if it's hardcoded into the kernal, it can always be disassembled. Noah Friedman pmaniac@ccwf.cc.utexas.edu
wcs) (06/05/90)
In article <28764@ut-emx.UUCP> pmaniac@walt.cc.utexas.edu (Noah Friedman) writes: ]In article <6703@blake.acs.washington.edu> mrc@Tomobiki-Cho.CAC.Washington.EDU (Mark Crispin) writes: ]>... There are lessons to be learned, starting with the ]>abolishment of /etc/passwd and user access to the encryption ]>algorithm. ]/etc/passwd is quite useful. A number of my programs use information ]in this database, including the password field, so that other users ]can use their own passwords for various options while running my programs. /etc/passwd has become the traditional location for user-info other than passwords, so of course it needs to be kept, but I agree with the shadow-password approach that puts (encrypted) passwords in a non-world-readable file. Yes, this means that YOUR software can't use the real password, but this is good - I'm not going to trust my real password to non-system software, because of the increased risk of trojan horses and insecurity; terminal-lockers and such get their own passwords. ]If DES is breakable, then a new algorithm needs to be implemented. And ]users should be encouraged to choose good passwords, otherwise it ]doesn't matter what encryption mechanism is used. The point of the modified-DES used by UNIX is that it isn't the same as the real DES, so a real-DES breaker won't work, and a fast hardware implementation of real-DES will make it hard to search for obvious passwords. Unfortunately, though, people have gotten 10-fold speedups in password encryption through software, and hardware is 1-2 orders of magnitude faster than the old PDP-11 days (much more, if you have a network of machines to bum cycles off of). So DES isn't real secure enough either, given readable passwords. -- Thanks; Bill # Bill Stewart AT&T Bell Labs 4M312 Holmdel NJ 201-949-0705 erebus.att.com!wcs # Actually, it's *two* drummers, and we're not marching, we're *dancing*. # But that's the general idea.