Path: utzoo!mnetor!uunet!husc6!hao!ames!umd5!brl-adm!adm!rbj@icst-cmr.arpa
From: rbj@icst-cmr.arpa (Root Boy Jim)
Newsgroups: comp.unix.wizards
Subject: passwords (was Re: 60-second timeout in Unix login)
Message-ID: <12189@brl-adm.ARPA>
Date: 9 Mar 88 03:01:30 GMT
Sender: news@brl-adm.ARPA
Lines: 37

From: Robert Cray

In article <12035@brl-adm.ARPA> rbj@icst-cmr.arpa (Root Boy Jim) writes:
>It is interesting that people's ideas on security are often wrong.
>For example, some people around here think that having different
>passwords on different machines provides better security than
>using the same one for all machines! It just ain't so.

But suppose you have an account on your machine, and an account on my
machine. I modify login on my machine to record your password. I then
try it on your machine. If all machines are administered by a single
entity, you are of course correct.

Also, suppose you have accounts on unix machines, where the password
file is readable, and accounts on vms machines, where it is not. If your
unix password is in websters, I can get it. Not so with vms, unless
there is another security problem.

Evidently I left several premises unstated.

First, I am talking about a BSD environment. Anyone who has accounts on
more than one machine is likely to allow {rlogin,rsh,rcp} access to the
other machines via .rhosts. In any event, the machines are host.equiv'ed
anyway.

Second, you do not have to go to such lengths to get my password. Just
su to root, then su to whoever you want. Then rlogin anywhere a .rhosts
file lets you. In short, if you allow access of this kind, you are also
trusting the root person(s) on that machine.

Given this environment, where one door opens them all, separate
passwords just give the attacker multiple targets. That was my point.

--robert
(Root Boy) Jim Cottrell
National Bureau of Standards
Flamer's Hotline: (301) 975-5688

Uh-oh -- WHY am I suddenly thinking of a VENERABLE religious leader
frolicking on a FORT LAUDERDALE weekend?
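The "one door opens them all" argument above can be checked mechanically: model hosts.equiv and .rhosts as a trust graph and compute which accounts root on a given host can reach by su followed by rlogin. This is an added example, not code from the thread; the hosts, users and trust entries are constructed, and the model ignores netgroups and "+" wildcard entries.

```python
from collections import deque

# Constructed sample configuration (not from any real system): which remote
# hosts each host's /etc/hosts.equiv trusts, which accounts each user's
# ~/.rhosts trusts, and which users exist on each host.
HOSTS_EQUIV = {"alpha": {"beta"}, "beta": {"alpha", "gamma"}, "gamma": set(), "delta": set()}
RHOSTS = {
    ("gamma", "rbj"): {("beta", "rbj")},      # ~rbj/.rhosts on gamma reads "beta rbj"
    ("alpha", "robert"): {("gamma", "rbj")},  # ~robert/.rhosts on alpha reads "gamma rbj"
}
USERS = {"alpha": {"rbj", "robert"}, "beta": {"rbj"}, "gamma": {"rbj"}, "delta": {"robert"}}

def trusted_sources(host, user):
    """(remote_host, remote_user) pairs that may rlogin as user@host with no password."""
    sources = set(RHOSTS.get((host, user), set()))
    for remote in HOSTS_EQUIV.get(host, ()):
        if user in USERS.get(remote, ()):   # hosts.equiv trusts same-named users only
            sources.add((remote, user))
    return sources

def reachable_from_root(compromised_host):
    """Accounts an attacker holding root on compromised_host can occupy.

    Root may 'su' to any local user; each occupied account may then rlogin
    to every account that trusts it, and so on transitively (no password
    on any other host is ever needed).
    """
    # Reverse the trust relation: source account -> accounts that trust it.
    grants = {}
    for host, users in USERS.items():
        for user in users:
            for src in trusted_sources(host, user):
                grants.setdefault(src, set()).add((host, user))
    reached = {(compromised_host, u) for u in USERS.get(compromised_host, ())}
    queue = deque(reached)
    while queue:
        account = queue.popleft()
        for target in grants.get(account, ()):
            if target not in reached:
                reached.add(target)
                queue.append(target)
    return reached

if __name__ == "__main__":
    for h in sorted(USERS):
        print(f"root on {h} reaches: {sorted(reachable_from_root(h))}")
```

With these entries root on any of alpha, beta or gamma reaches every account on all three, so a distinct password per host changes nothing there; delta, which trusts nobody, is the only host where a separate password still matters.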