Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!samsung!uunet!snorkelwacker!paperboy!meissner
From: meissner@osf.org (Michael Meissner)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID:
Date: 5 Oct 90 19:29:04 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu> <651@puck.mrcu>
Sender: news@OSF.ORG
Organization: Open Software Foundation
Lines: 67
In-reply-to: paj@mrcu's message of 5 Oct 90 08:55:13 GMT

In article <651@puck.mrcu> paj@mrcu (Paul Johnson) writes:

| No it does not. What M. Faraut originally wrote was:
|
| > - CPU prompts "login:"
| > - type your login name
| > - CPU uncrypts your secret keyword and displays it on screen.
| >   (Each user keeps up his own secret keyword encrypted in a personal file;
| >   only the owner and root can read/modify this file.)
| > - CPU prompts "passwd:"
| > - Now you can either type your usual passwd if the secret
| >   keyword was right, or do anything else, possibly aborting the session.
|
|
| You do not type your password until the computer has given you your
| secret keyword. The only problem with this is that someone might be
| looking over your shoulder. There are ways around this, but they
| start getting too complicated for humans to use: for example the user
| could challenge the computer with one of a range of keywords to which
| the computer would have to respond with a corresponding word (eg
| donald-duck, micky-mouse, brian-kernighan)
|
| Computer: Login:
| User: paj
| C: Your challenge:
| U: [no echo] micky
| C: My response is "mouse". Your password:
| U: [no echo] secret
| C: paj logged in at....
|
| This will prevent problems with someone looking over your shoulder on
| one occasion, but if they can watch you repeatedly then it starts
| becoming easier. A plain trojan could not make the correct response:
| all it could collect would be the user's challenge. It would not be
| able to make the response (unless the villain had managed to deduce
| the list by prolonged observation) and hence would fail.

It reminds me of one of the internal systems at Data General back in far
more trusting days of yore... At that time, many of the internal systems
had a guest account (X.PUB) that had limited rights -- initially normal
access rights, later it was only allowed on non-sensitive directory trees.
One system decided to change its X.PUB's initial shell to ask certain DG
trivia questions. If you got three right in a row before missing any three
answers you were allowed to log on. The trivia was things like where is
building 14B and the answer was 'webo' (building 14B was at the time where
most of the Mass. developers worked, 14A was headquarters). In any case,
the questions were selected randomly.

Getting back to the above topic, something like this can be used to
authenticate a user, providing you have a large enough base of questions
(maybe a one time pad...). Where such things break down is other servers
like FTP which grant rights to people but don't go through the extra
shell. This technique was used for example to break into a system using a
privileged account which did not have logon privileges, but was used by
the mail system for updating the system databases. After I and others
pointed this out, the mail servers were eventually changed to use more
secure means of updating records.

--
Michael Meissner	email: meissner@osf.org		phone: 617-621-8861
Open Software Foundation, 11 Cambridge Center, Cambridge, MA, 02142

Do apple growers tell their kids money doesn't grow on bushes?
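The challenge/response login paj sketches, and the "prolonged observation" caveat that follows it, as an added simulation that is not part of the thread: the client releases the password only after the host answers the challenge correctly, so a fake login screen with no table is starved of the password, while one built from a fully observed table is not. The keyword pairs, user and password are constructed sample values, and `GenuineHost`/`TrojanHost` are hypothetical stand-ins.

```python
import random

# Constructed sample table: the user and every genuine host share it.
KEYWORD_PAIRS = {"micky": "mouse", "donald": "duck", "brian": "kernighan"}

class GenuineHost:
    """Real login program: holds the user's table and password."""
    def __init__(self, pairs, password):
        self.pairs, self.password = dict(pairs), password
    def respond(self, challenge):
        return self.pairs.get(challenge)
    def check_password(self, password):
        return password == self.password

class TrojanHost:
    """Fake login screen. It only knows pairs an observer has already seen
    (the 'prolonged observation' caveat in the thread) and records whatever
    it manages to harvest."""
    def __init__(self, learned=None):
        self.learned = dict(learned or {})
        self.captured_challenges, self.captured_passwords = [], []
    def respond(self, challenge):
        self.captured_challenges.append(challenge)
        return self.learned.get(challenge)
    def check_password(self, password):
        self.captured_passwords.append(password)
        return True  # a trojan accepts anything once it has the password

def client_login(host, pairs, password, rng=random):
    """Run one login; return 'logged in', 'rejected' or 'aborted'.
    The password is typed only after the host answers the challenge correctly."""
    challenge = rng.choice(sorted(pairs))
    if host.respond(challenge) != pairs[challenge]:
        return "aborted"  # host failed to prove itself; password never sent
    return "logged in" if host.check_password(password) else "rejected"

if __name__ == "__main__":
    print(client_login(GenuineHost(KEYWORD_PAIRS, "secret"), KEYWORD_PAIRS, "secret"))
    naive = TrojanHost()
    print(client_login(naive, KEYWORD_PAIRS, "secret"), naive.captured_passwords)
    # Once every pair has been watched, the table no longer protects the user,
    # which is why the thread asks for a large question base or a one-time pad.
    informed = TrojanHost(learned=KEYWORD_PAIRS)
    print(client_login(informed, KEYWORD_PAIRS, "secret"), informed.captured_passwords)
```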