Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!pyramid!hplabs!well!pokey
From: pokey@well.UUCP (Jef Poskanzer)
Newsgroups: sci.crypt
Subject: Unix Password Security
Message-ID: <5289@well.UUCP>
Date: 23 Feb 88 19:24:50 GMT
References: <7271@brl-smoke.ARPA>
Distribution: na
Organization: Paratheo-Anametamystikhood Of Eris Esoteric, Ada Lovelace Cabal
Lines: 30

Ok, one fix would be to keep the encrypted passwords in a non-world-readable
file, while leaving the rest of /etc/passwd readable so that nothing breaks.
Doing this would mean adding a small hack to the getpwent routines, and
recompiling login and passwd.  But if you don't have source, this is a
problem.

Here's another idea.  Change the password encryption algorithm so that
it runs through crypt a hundred times instead of once.  And so that it
doesn't take minutes to log in, use fdes instead of crypt.  Yeah, that's
it, use the same technology that the crackers use!  Doing this would
mean small changes to login and passwd.  But once again, if you don't
have source, you're s.o.l.

Or are you?  It turns out that login is not really that complicated.
A friend of mine recently wrote his own login, not for increased
security but because the version supplied with his system wouldn't
allow more than two people to log in at a time.  It was only about
two pages of code, including all the utmp hacking.  Since his brain
damaged version of Unix was also missing the crypt routine, I gave
him a copy of fdes.  I can't believe passwd would be any harder to
re-implement than login...

Am I missing something, or would it really be this easy to increase
security?  If this is practical, perhaps I can get my friend to
release his version of login to the net, along with a new passwd to
go with it.
---
Jef

              Jef Poskanzer   jef@lbl-rtsg.arpa   ...well!pokey
          "Who's going to believe you? You're just a talking head."