Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site iitcs.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxt!houxm!ihnp4!iitcs!draughn
From: draughn@iitcs.UUCP (Mark Draughn)
Newsgroups: net.unix-wizards
Subject: Re: Another reason why a few sources should come with binary licenses
Message-ID: <164@iitcs.UUCP>
Date: Tue, 3-Sep-85 22:06:46 EDT
Article-I.D.: iitcs.164
Posted: Tue Sep 3 22:06:46 1985
Date-Received: Thu, 5-Sep-85 09:07:23 EDT
References: <1149@brl-tgr.ARPA>
Reply-To: draughn@iitcs.UUCP (Mark draughn)
Organization: Illinois Institute of Technology, Chicago Il.
Lines: 29
Summary:

In article <1149@brl-tgr.ARPA> root%bostonu.csnet@csnet-relay.arpa (BostonU SysMgr) writes:
[...]
>Here's another one that was just brought up on the SECURITY mailing list.
>If users are not careful about password creation (and people are just
>people) then a reasonably determined cracker can grab the encrypted string
>in /etc/passwd and run it against dictionaries (this is all well documented
>in "The Security of UNIX", I think that was Kernighan, sorry, working from
>memory here.)
>
>A trivial defense (used I believe years ago at Harvard and probably lots
>of other source sites) was to make /etc/passwd a dummy file (so most
>software is undisturbed) which does not contain encrypted strings but
>otherwise is publicly readable. You then create another, unreadable,
>copy (call it /etc/passwd.nr) with the strings. The only two programs
>that I can think of that use those encrypted strings (as delivered) are
>login.c and passwd.c; just modify those to use the unreadable version (easy.)
>It would also be handy to have a script that can be run that builds the
>readable from the unreadable when it is modified (easy.)
[...]

In my UNIX manual it is pointed out several times that it is a crock that user information (office, name, shell, etc.) is stored in the password file. It should be in a separate database. So far, it isn't.

I guess it would be easier to move the passwords than it would be to move anything else. This should be a standard part of UNIX. (Not that I don't think that a few source files would be nice. I am at a university so we have source, but we also run VMS without source and I wish I had it.)
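The "build the readable from the unreadable" script the quoted post asks for, as an added example that is not from the original thread. It assumes the unreadable copy (/etc/passwd.nr in the post) keeps the same colon-separated layout as /etc/passwd with the encrypted string in field 2; the sample entries and temp-directory paths are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post.
# Rebuild the publicly readable /etc/passwd from the unreadable copy that
# holds the encrypted strings. Every field is copied except field 2, which
# is replaced by "*": no crypt() output ever equals "*", so a leaked or
# stale readable copy cannot be run against a dictionary.

# build_readable UNREADABLE READABLE
build_readable() {
    unreadable="$1"
    readable="$2"
    # Write to a temp file first, then rename, so readers never see a
    # half-written passwd file (getpwent() callers are "undisturbed").
    awk -F: 'BEGIN { OFS = ":" } NF >= 2 { $2 = "*" } { print }' \
        "$unreadable" > "$readable.tmp" &&
    chmod 644 "$readable.tmp" &&
    mv "$readable.tmp" "$readable"
}

# check_no_hashes READABLE: exit 0 only if no entry still carries a
# password field other than "*" (the sanity check to run after a rebuild).
check_no_hashes() {
    awk -F: '$2 != "*" { bad = 1 } END { exit bad }' "$1"
}

# Demo: a constructed unreadable copy (fake encrypted strings, not real
# crypt() output) in a scratch directory standing in for /etc.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd.nr" <<'EOF'
root:aBcDeFgHiJkLm:0:0:Operator:/:/bin/sh
draughn:xYzAbCdEfGhIj:201:20:Mark Draughn,Room 1,x1234:/usr/draughn:/bin/csh
EOF
chmod 600 "$demo_dir/passwd.nr"

build_readable "$demo_dir/passwd.nr" "$demo_dir/passwd"
check_no_hashes "$demo_dir/passwd" && echo "readable copy carries no encrypted strings"
cat "$demo_dir/passwd"
```

Hooked into passwd.c after each change (or run from cron), this keeps the dummy file current while login.c and passwd.c read only the mode-600 copy.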