Path: utzoo!attcan!uunet!husc6!bloom-beacon!bu-cs!encore!bzs
From: bzs@Encore.COM (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <4612@xenna.Encore.COM>
Date: 7 Jan 89 18:15:14 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <4537@xenna.Encore.COM> <4547@xenna.Encore.COM> <2338@cuuxb.ATT.COM>
Organization: Encore Computer Corp, Marlboro, MA
Lines: 54
In-reply-to: dlm@cuuxb.ATT.COM's message of 4 Jan 89 04:34:43 GMT
Posting-Front-End: GNU Emacs 18.41.15 of Tue Jun  9 1987 on xenna (berkeley-unix)


Dennis Mumaugh writes (lots of points, most good, some irrelevant to
the issue at hand like that some systems don't have root passwds which
I fail to see how *any* system will protect against once allowed.)

>8).  Relying on the work factor for an encrytion  for  the  major
>protection  is  foolish.  There  will  be  a cracker who is smart
>enough to figure out how to beat the encrytion.  Remember that if
>/bin/login or /bin/passwd is publicly readable on your system one
>can reverse engineer the whole  protection  system.  After  which
>optimize,  optimize.  A serious cracker will have serious help, a
>non-serious one will try elsewhere.

Here you've hit on the absolute, critical, nut of the problem. We
completely disagree (although I don't think either of us can yet prove
the other wrong) on this one point and everything else discussed can
be reduced to this one disagreement.

In fact, it's a presentation of tautological proof of the need for
shadow password files (shadow password files are necessary to prevent
decrypting of passwords because without them passwords can be
decrypted.)

I don't accept this a priori. I am willing to consider the need for a
change in encryption algorithms used, and I certainly see a use for
password changers which reject easy to crack choices (eg. anything
short, of only lower case chars, in /usr/dict/words, equal to the
login name, system name etc.)

Such password checkers are not the only defense, if someone is
absolutely determined to use a simple password (such as an anagram of
their last name) which the checker doesn't check for and someone else
happens to use that in their attack it doesn't much matter what method
you use, so education is important also, regardless of any other
consideration. With a last name like mine they could practically type
in all the anagrams in a few hours thru the login program, if you
narrow that down to CVC patterns even longish names become pretty easy
(for example.) You can put the absolute best locks on your doors but
if your staff fails to close those doors and lock those locks then
it's futile.

Basically, I claim you have just rested your argument on the
proposition that such systems as RSA and other public-key data
encryption methods are completely useless and fundamentally flawed,
even in the casual sense (ie. without presupposing teraMIPS
computers.)

Is that a fair summary? Is that where you want to stand?

	-Barry Shein, ||Encore||

P.S. This is *NOT* a flame war or any such thing, I honestly believe
this whole issue needs to be shaken out and this list is a fine place
to do that, INMHBCO.