Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!rutgers!mit-eddie!bu-cs!encore!bzs
From: bzs@Encore.COM (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <4497@xenna.Encore.COM>
Date: 27 Dec 88 16:01:58 GMT
References: <228@sea375.UUCP>
Organization: Encore Computer Corp, Marlboro, MA
Lines: 24
In-reply-to: dave@sea375.UUCP's message of 24 Dec 88 21:06:07 GMT
Posting-Front-End: GNU Emacs 18.41.15 of Tue Jun 9 1987 on xenna (berkeley-unix)

>With all the concern for control of access to passwords, even when encrypted,
>why now make passwords more integral to the kernel? The kernel could maintain
>passwords encrypted somewhere on the disk, but not directly accessible thru
>filesystem access. Special system calls would exist to store/retrieve encrypted
>passwords. The system calls could be restricted to root, and use would be
>recorded in an audit log (handle like process accounting logs) to detect
>password breakin attempts.
>
>I think this would be more secure than current password file or the shadow
>password file. Any comments?

Yes, somewhere and at some time we are going to have to do the hard work
of analyzing whether or not hiding encryptions improves security as a
general principle (as opposed to coming up with new ways to hide them
before doing the ground work.)

Hiding something indicates that it is dangerous if revealed. It says,
basically, that encryption technology is inadequate and cannot be made
to work, the only reasonable protection is secrecy.

Do we honestly believe this?

Or, worse, do we believe that security is attained by layering anything
we can think of onto the system?

	-Barry Shein, ||Encore||
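The scheme quoted in the post (encrypted passwords kept out of the filesystem, a root-only store/verify interface, every use written to an audit log) modelled in user-space Python as an added example; this is not code from either poster, the class and method names are hypothetical, and a salted PBKDF2 hash stands in for whatever "encryption" the kernel would store. The point it makes concrete is that the caller only ever gets a yes/no answer, and the audit log is what lets an operator notice guessing against one account.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, List, Tuple

# Hypothetical model of the quoted proposal: the hashes live only inside this
# object (standing in for kernel-private storage) and are never returned.
class KernelPasswordStore:
    ITERATIONS = 100_000  # slow, salted hash: PBKDF2-HMAC-SHA256

    def __init__(self) -> None:
        self._records: Dict[str, Tuple[bytes, bytes]] = {}  # user -> (salt, key)
        self.audit: List[dict] = []  # the "audit log" of the proposal

    def _derive(self, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.ITERATIONS)

    def _log(self, op: str, caller_uid: int, user: str, ok: bool) -> None:
        self.audit.append({"t": time.time(), "op": op, "uid": caller_uid,
                           "user": user, "ok": ok})

    def set_password(self, caller_uid: int, user: str, password: str) -> None:
        # "restricted to root": only uid 0 may store or replace a record
        if caller_uid != 0:
            self._log("set", caller_uid, user, False)
            raise PermissionError("set_password requires uid 0")
        salt = os.urandom(16)
        self._records[user] = (salt, self._derive(password, salt))
        self._log("set", caller_uid, user, True)

    def verify(self, caller_uid: int, user: str, password: str) -> bool:
        # The stored hash never leaves the store; the caller learns only True/False.
        if caller_uid != 0:
            self._log("verify", caller_uid, user, False)
            raise PermissionError("verify requires uid 0")
        rec = self._records.get(user)
        if rec is None:
            # Do the same work for unknown users so they are not distinguishable by timing.
            self._derive(password, b"\x00" * 16)
            self._log("verify", caller_uid, user, False)
            return False
        salt, expected = rec
        ok = hmac.compare_digest(self._derive(password, salt), expected)
        self._log("verify", caller_uid, user, ok)
        return ok

    def failed_attempts(self, user: str) -> int:
        # What the audit log is for: counting failed verifications against one account.
        return sum(1 for e in self.audit
                   if e["op"] == "verify" and e["user"] == user and not e["ok"])
```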