Path: utzoo!attcan!uunet!lll-winken!ames!pacbell!att!cuuxb!dlm From: dlm@cuuxb.ATT.COM (Dennis L. Mumaugh) Newsgroups: comp.unix.wizards Subject: Re: Password security - Another idea Summary: No. Message-ID: <2362@cuuxb.ATT.COM> Date: 10 Jan 89 01:47:49 GMT References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <4537@xenna.Encore.COM> <4547@xenna.Encore.COM> <2338@cuuxb.ATT.COM> <4612@xenna.Encore.COM> Reply-To: dlm@cuuxb.UUCP (Dennis L. Mumaugh) Organization: ATT Data Systems Group, Lisle, Ill. Lines: 94 In article <4612@xenna.Encore.COM> bzs@Encore.COM (Barry Shein) writes: Dennis Mumaugh writes and Barry argues and then Basically, I claim you have just rested your argument on the proposition that such systems as RSA and other public-key data encryption methods are completely useless and fundamentally flawed, even in the casual sense (ie. without presupposing teraMIPS computers.) Is that a fair summary? Is that where you want to stand? No, this is NOT my position. The encryption used for passwords is not *fundamentally* flawed! It is restricted so that the work-factor is much too low. Work-factor is a cryptologic word that defines the amount of resources of a postulated type needed to break an encryption and either recover the plain text and/or the key. It assumes various factors such as message size, change of crypto variables and the technical means to do the breaking. In the case at hand, the V7 encryption was adequate at the time it was designed 10 years ago. With good password management methods it is adequate (barely) right now. It is currently within the state-of-the-art to break passwords by brute force using the current scheme. {Based on human nature and clever crackers.} The password encryption alogithm needs strenghtening! RSA or DES or any other encryption scheme will work if the key space is expanded much more. An 8-character password as currently implemented with UNIX is getting to be too short. Increasing the length of the password (and hence the encrypted result) will make it much harder to break. The salt is a specious argument. Its original purpose was to disguise the fact that a given user used the same pasword on different systems. Ken Thompson and Bob Morris made a hobby in the early day [1974-77] of cracking all the systems/passwords they could. In the LA area they discovered several people had accounts on diverse machines: RAND, UCLA, USC-ISI, etc. and it was easy to see if the passwords were the same on different machines. I agree with Barry that it is sometimes possible to trick programs to give read access to protect files: I know a couple of programs that will. But shadow passwords are an extra precaution, not the only precaution. Consider typical cracker like a burglar -- they are snatch and grab, get in and get out before you get caught. Consider breaking /etc/shadow being more like the house guest rummaging in your desk while you are sleeping or a house sitter while you are on vacation. In a properly secured system only authorized users will get logged-in. Hence the crackers are usually an authorized user. If the password is in a read-protected shadow, most amateur crackers will try other methods first. Unless they are really sophisticated or have a lot of time to break the system. In almost any system there are a lot easier ways to breakin rather that try to read /etc/shadow. Trojan horses and trapdoor programs provide a faster and more productive way. Few of the typical system administrators have cleaned-up their system so well that password cracking is the fastest way. Smart people use trusted programs for password changing and are always careful not to type stupid things like "chmod +r *" while in /etc. Inexperienced systems adminstrators are the most serious threat to a system's integrity second only to a complacent administrator. Of course the possibility that a shadow password file can give a false sense of security needs to be addressed. One could have a cron job to ensure that critical files are always kept secure -- nice place to attack the system though. One could also keep the password outside of the file system in a raw partition that is known to the system. The flaw there is how one does a back-up of the passwords [what if the disk gets corrupted?]. Implementing system calls for password change and password verify is a good start but then the bute force attack is just to have a C program feed the kernel a lot of stuff. In short for each attack there is a defense and for each defense there is an attack. Also the best computer security expert is an ex-cracker. The best cracker is one who has done software support! Short of physical security the only safe approach is to do everything possible and layer the defenses. But one must design the defenses so they add not merely inclusive or the protections. In reality a vigilant person ought to suspect penetration and think along the lines of damage assessment. -- =Dennis L. Mumaugh Lisle, IL ...!{att,lll-crg}!cuuxb!dlm OR cuuxb!dlm@arpa.att.com