Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!decvax!ucbvax!TOPAZ.RUTGERS.EDU!hedrick
From: hedrick@TOPAZ.RUTGERS.EDU.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: secure replacements for passwords
Message-ID: <8701110003.AA06976@topaz.rutgers.edu>
Date: Sat, 10-Jan-87 19:03:27 EST
Article-I.D.: topaz.8701110003.AA06976
Posted: Sat Jan 10 19:03:27 1987
Date-Received: Sat, 10-Jan-87 21:36:48 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Organization: The ARPA Internet
Lines: 49
Approved: tcp-ip@sri-nic.arpa

Does anyone know of good replacements for the normal "please type your password" approach to login validation? We're thinking of moving our administrative computing onto a campus-wide network. I'm nervous about having people updating student records on a system that is as easy to tap as the typical Ethernet. Obviously we'd like to prevent people from seeing the data at all. But I'm most concerned with preventing people from changing it.

My theory is that once a TCP connection is established, it's likely that no one will be able to break in on it. The gateways and backbone are likely to be physically secure, so any breaking in would have to happen on the local net. I think we can tweak the implementations so that is either impossible or leaves immediately obvious evidence. So what I'd like is a way, once the connection is established, to validate the person who is on it.

It strikes me that fairly simple cryptographic techniques should work here. I had in mind something like the host sends me a random number, I ask the user for his password, I encrypt the random number with the password, and send back the results. The host knows the password (This is not Unix, so the password files are not public.), and duplicates the results at its end. The only constraint on the encryption technique is that it has to be able to survive a known plaintext attack on the random number. Presumably that is short enough that any reasonable technique (DES?) would work, as long as we choose the passwords. Obviously if the user chooses the passwords, the space of passwords will be so small that it would be easy to search.

Does this seem reasonable? Anybody have a better idea? I'm looking for something that I can practically implement myself. Probably all access will be a micro running pc/tn3270, when it becomes available, and the mainframe will be running the UCLA MVS TCP/IP code. I'm looking for something I can hack into that software.

Also, it would be sort of nice to encrypt the data itself. Does anybody know whether this is practical? My feeling is that it might be worth coming up with a random bit stream once for each connection and just XOR'ing all the data with it. Of course this would be a sitting duck for known plaintext attack, but at least it would require some work to see what was going on. The security against change would not depend upon this, but upon the security of the connections and the password mechanism. This would be designed simply to discourage casual wiretapping.

I know nothing I'm going to come up with is going to prevent the NSA from finding out our student grades. But what bothers me is the common approach that because the perfect is unobtainable, we do nothing. What I'd really like to do is to get something that is at least as secure as locking your gradebook in your desk and then locking your office door. There are obviously many people on our campus who can get past those locks. But there is still a difference between using the locks and leaving the grade book out on a coffee table in a public lounge.
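The challenge-response login sketched in the post (host sends a random number, the client transforms it under the password, the host recomputes and compares), written out as an added example that is not part of the original message or of any of the software it names. It makes two substitutions that are assumptions of this example, not the poster's design: HMAC-SHA256 stands in for DES as the keyed transform, and the password is first stretched with PBKDF2 (salted by the username) so that each guess against a wiretapped challenge/response pair costs more computation, which addresses the poster's worry about a small user-chosen password space. The names `Host`, `run_login` and `replay_is_rejected` and the iteration count are hypothetical. The host keeps plaintext passwords, as the post says it does.

```python
import hashlib
import hmac
import secrets

# Work factor for turning a password into a key. Assumed value, not from the
# post: it makes every candidate password in an offline search cost this many
# hash iterations before a captured challenge/response pair can be checked.
KDF_ITERATIONS = 100_000
CHALLENGE_BYTES = 16


def derive_key(username: str, password: str) -> bytes:
    """Stretch the password into a fixed-length key (assumed addition to the post's scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), username.encode(), KDF_ITERATIONS)


def compute_response(username: str, password: str, challenge: bytes) -> bytes:
    """Client side: transform the host's random number under the password.

    A wiretapper sees both the challenge (known plaintext) and this output, so
    the transform must not leak the key from that pair. A keyed MAC has that
    property; it stands in here for the DES encryption the post suggests.
    """
    return hmac.new(derive_key(username, password), challenge, hashlib.sha256).digest()


class Host:
    """Mainframe side. As in the post, the host holds the plaintext passwords."""

    def __init__(self, passwords: dict[str, str]):
        self._passwords = passwords
        self._outstanding: dict[str, bytes] = {}  # at most one live challenge per user

    def issue_challenge(self, username: str) -> bytes:
        """Send a fresh random number that is valid for exactly one answer."""
        challenge = secrets.token_bytes(CHALLENGE_BYTES)
        self._outstanding[username] = challenge
        return challenge

    def verify(self, username: str, challenge: bytes, response: bytes) -> bool:
        """Duplicate the client's computation and compare in constant time."""
        expected_challenge = self._outstanding.pop(username, None)
        if expected_challenge is None:
            return False  # nothing outstanding: a replayed or out-of-order answer
        if not hmac.compare_digest(expected_challenge, challenge):
            return False  # answer belongs to some other challenge
        password = self._passwords.get(username)
        if password is None:
            return False
        expected = compute_response(username, password, challenge)
        return hmac.compare_digest(expected, response)


def run_login(host: Host, username: str, password: str) -> tuple[bool, bytes, bytes]:
    """One full exchange. Returns the verdict plus the two messages a tap would see."""
    challenge = host.issue_challenge(username)
    response = compute_response(username, password, challenge)
    return host.verify(username, challenge, response), challenge, response


def replay_is_rejected(host: Host, username: str, password: str) -> bool:
    """Resubmitting a captured (challenge, response) pair must fail."""
    ok, challenge, response = run_login(host, username, password)
    return ok and not host.verify(username, challenge, response)


if __name__ == "__main__":
    # Constructed sample user; the passphrase is host-chosen, as the post prefers.
    host = Host({"registrar": "constructed-host-chosen-passphrase"})
    print("correct password accepted:", run_login(host, "registrar", "constructed-host-chosen-passphrase")[0])
    print("wrong password accepted:", run_login(host, "registrar", "wrong")[0])
    print("replayed answer rejected:", replay_is_rejected(host, "registrar", "constructed-host-chosen-passphrase"))
```

The per-user `_outstanding` slot is what turns the random number into a one-time value: once an answer has been checked, the same pair is worthless to anyone who recorded it, which is the property the post is after once the TCP connection itself is trusted. Nothing here protects the data that flows after login; that is the separate stream-encryption question the post raises.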