Path: utzoo!utgpu!watmath!clyde!att!ucbvax!pinocchio.UUCP!bzs
From: bzs@pinocchio.UUCP (Barry Shein)
Newsgroups: comp.protocols.tcp-ip
Subject: password aging (from worm discussion)
Message-ID: <8811181901.AA12769@pinocchio.UUCP>
Date: 18 Nov 88 19:01:52 GMT
References: <8811181630.AA10668@uc.msc.umn.edu>
Sender: usenet@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 38

>> You're turning the file into pure gold.
>
>I don't understand this, could you explain further? Shadow password
>files aren't intended to contain clear passwords, they'd hold encrypted
>ones just as they do now. Using them would just impede people from casually
>picking up the file and trying passwords without going through login etc.
>But even if someone did capture a copy of a shadow pw file, you'd only be
>in the same situation you always were when /etc/passwd contained passwds.
>So is it really the kind of catastrophe you suggest?
>
> Stuart Levy

That's the idealized situation. In reality, once you've decided that the security of your system depends on the read security of one file, then any breach of that must be responded to; common sense would dictate it. Otherwise, why did you make it unreadable?

I don't think going forth with the idea "oh, we did it, but we never *really* needed to, it doesn't matter if a copy got out" is a rational approach. Otherwise one is just trying to have it both ways, relying on the security of an unreadable pw file but saying you don't really care if anyone reads it.

At that point at best it's a matter of whether you can sell such an attitude to your (management? users?) when they come to you and say "gee, I saw so and so walk out with a listing of the password file...what are you going to do?"

Don't think about yourself, who knew in November 1988 *why* you went to shadow pw files; think about (oh) 5 years from now, when every system is delivered and manuals say to keep the pw file unreadable because otherwise passwords might be cracked.

I still contend it's a bad idea; concentrate on the other aspects. If some form of publicly readable encryption is deemed impossible as a concept, I sincerely hope that argument gets published.

-Barry Shein, ||Encore||
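The thread turns on one operational fact: a shadow scheme only helps if every hash actually leaves the world-readable passwd file and the file holding them stays unreadable to others. The following audit script is an added example, not code from the post or from either participant; it parses passwd-format entries to find accounts whose hash was never moved out (or whose password field is empty), and checks a file's permission bits so a shadow file readable by "others" is flagged. The sample entries and the shadow path are constructed for illustration.

```python
"""Audit passwd-format entries for unshadowed hashes and loose shadow-file modes.

Added example (not from the Usenet post). Sample data below is constructed.
"""
import os
import stat
from typing import List, NamedTuple, Optional

# Constructed sample: shadowed ('x'), locked ('*'), unshadowed hash, and empty entries.
SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/sh
bob:$6$saltsalt$abcdefghijklmnop:1001:1001:Bob:/home/bob:/bin/sh
guest::1002:1002:Guest:/home/guest:/bin/sh
"""


class Finding(NamedTuple):
    user: str
    problem: str


def classify_password_field(field: str) -> str:
    """Categorize the second field of a passwd(5) entry."""
    if field == "":
        return "empty"            # no password at all
    if field == "x":
        return "shadowed"         # hash lives in the shadow file
    if field.startswith(("*", "!")):
        return "locked"           # account cannot log in with a password
    return "hash_present"         # a real hash is sitting in the readable file


def audit_passwd(text: str) -> List[Finding]:
    """Return one Finding per entry that undermines the shadow scheme."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            name = fields[0] if fields[0] else f"line {lineno}"
            findings.append(Finding(name, "malformed entry"))
            continue
        user, pw = fields[0], fields[1]
        kind = classify_password_field(pw)
        if kind == "empty":
            findings.append(Finding(user, "empty password field"))
        elif kind == "hash_present":
            findings.append(Finding(user, "hash stored in readable passwd, not shadowed"))
    return findings


def shadow_mode_ok(mode: int) -> bool:
    """True if 'others' have neither read nor write access.

    Group read is tolerated because some systems deliberately give a
    dedicated shadow group read access; world access is never acceptable.
    """
    return (mode & (stat.S_IROTH | stat.S_IWOTH)) == 0


def check_shadow_file(path: str) -> Optional[bool]:
    """Stat the given shadow file; None if it does not exist."""
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    return shadow_mode_ok(stat.S_IMODE(st.st_mode))


if __name__ == "__main__":
    for f in audit_passwd(SAMPLE_PASSWD):
        print(f"{f.user}: {f.problem}")
    # Path is a placeholder; adjust to the shadow file the local system uses.
    print("shadow file mode acceptable:", check_shadow_file("/etc/shadow"))
```

Run against the constructed sample it reports `bob` (hash still in the passwd file) and `guest` (empty password); `root`, `daemon` and `alice` are clean. The mode check encodes the post's own point: once you rely on the file being unreadable, a world-readable shadow file is a finding, not a curiosity.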