Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!ucsd!ucbvax!bloom-beacon!athena.mit.edu!jik
From: jik@athena.mit.edu (Jonathan I. Kamens)
Newsgroups: comp.unix.questions
Subject: Re: How secure is UNIX?
Keywords: Security, ftp
Message-ID: <1990Jun1.063800.17539@athena.mit.edu>
Date: 1 Jun 90 06:38:00 GMT
References: <100928@<1990May23> <9000030@m.cs.uiuc.edu> <1990May29.124526.13935@athena.mit.edu> <11513@vpk1.UUCP>
Sender: news@athena.mit.edu (News system)
Reply-To: jik@athena.mit.edu (Jonathan I. Kamens)
Organization: Massachusetts Institute of Technology
Lines: 45

In article <11513@vpk1.UUCP>, ram@attcan.UUCP (Richard Meesters) writes:
|> The point is, however valid.  If you are going to use a .netrc, why can't it be
|> more like the passwd system.  This merely means that the ftp program must
|> provide the facilities for encryption/decription of the password, rather than
|> leaving it up to the user to do so himself.

First of all, the ftp protocol doesn't say, "Two machines talking to
each other using the protocol must both be Unix machines that use a
standard crypt() function for password verification."  What it says is
that there is a protocol command to send a password from the client to
the server, and that server may use the password for verification in
whatever way it chooses.

Therefore, the ftp program can't "provide the facilities for
encryption/decription [sic] of the password", because it has no idea
what type of encryption the server at the other end is going to be
expecting.

Second, if the client is supposed to do password encryption, then
what's to stop me from logging into your machine, grabbing your
encrypted password string from the /etc/passwd file, then ftp'ing back
to the same machine with a hacked ftp client which sends that encrypted
string as the password?  The ftp server says, "Gee, look, you've sent me
the correct encrypted password!" and goes right ahead believing that I'm
you.

The security of the ftp password (well, at least, in the case of ftp
servers on Unix machines) works the same way as the security for a
normal Unix log-in password -- you give it a plaintext password, it
encrypts it, and if the encrypted string matches the string in the
passwd file, it assumes that you are who you say you are, since you've
provided a string that encrypts correctly.  Providing an already
encrypted string proves nothing.

If I've misunderstood what you're suggesting, then please forgive me,
and please explain more clearly what you're suggesting.  If not, I think
you've got to think through a bit more clearly exactly how ftp
authentication, and Unix password authentication in general, works.

Jonathan Kamens                         USnail:
MIT Project Athena                      11 Ashford Terrace
jik@Athena.MIT.EDU                      Allston, MA  02134
Office: 617-253-8495                    Home: 617-782-0710

(Isn't it about time somebody wrote a Kerberized ftp client/server? :-)
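
Added example, not part of the original post: the two verification schemes discussed above side by side, showing why a server that accepts an already-encrypted string turns the stored hash into a password equivalent. The names (PasswdFile, crypt_like, verify_server_hashes, verify_client_hashes), the account and the use of salted PBKDF2 as a stand-in for crypt() are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def crypt_like(password: str, salt: bytes) -> bytes:
    # Assumption: salted PBKDF2 stands in for the Unix crypt() function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

class PasswdFile:
    """Constructed stand-in for /etc/passwd: user -> (salt, stored hash)."""
    def __init__(self):
        self.entries = {}

    def add(self, user: str, password: str) -> None:
        salt = os.urandom(8)
        self.entries[user] = (salt, crypt_like(password, salt))

def verify_server_hashes(passwd: PasswdFile, user: str, plaintext: str) -> bool:
    """Scheme the post describes: the server hashes what it receives."""
    entry = passwd.entries.get(user)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(crypt_like(plaintext, salt), stored)

def verify_client_hashes(passwd: PasswdFile, user: str, submitted: bytes) -> bool:
    """Proposed scheme: the client sends the hash, the server only compares."""
    entry = passwd.entries.get(user)
    if entry is None:
        return False
    return hmac.compare_digest(submitted, entry[1])

def demo() -> dict:
    passwd = PasswdFile()
    passwd.add("ram", "correct horse")      # constructed account
    _salt, leaked = passwd.entries["ram"]   # what anyone reading the file sees
    return {
        "owner_with_plaintext": verify_server_hashes(passwd, "ram", "correct horse"),
        "wrong_plaintext": verify_server_hashes(passwd, "ram", "guess"),
        # Server-side hashing: the leaked string is hashed again and fails.
        "leaked_hash_server_hashes": verify_server_hashes(passwd, "ram", leaked.hex()),
        # Client-side hashing: the leaked string is accepted as-is.
        "leaked_hash_client_hashes": verify_client_hashes(passwd, "ram", leaked),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```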