Please send replies either to the list or to jmaslak@wind-river.com. The "bugtraq@wind-river.com" is simply a list reflector into my systems.

I've been reading this list for a long time. Every month or so, someone notices a "plain text password," criticizes the security of the product at hand, and explains how nothing should be plain-text. However, I did think we were trying to avoid security by obscurity.

Any system which needs to know the password (not just a hash of it or some such), to do things like log into another server, has to know the real password. Simply knowing the hash won't work, obviously. But, what does the (in)security community want systems to do? Do some sort of "encryption" of the password. But, wait a minute... The key to decrypt has to be in the program somewhere, doesn't it? Otherwise, how would the program be able to find the original password? (I'm NOT talking about Unix style hashes -- Unix doesn't log into other computers as certain users, with the possible exception of UUCP, which stores the password in plain-text.)

If the program's code can decrypt the password, all we are relying on is security through obscurity -- the fact that a user doesn't "know" the decryption algorithm. I would much rather, as an admin, know exactly where and how a password is stored! Wouldn't you? But, with this security through obscurity, it just makes it harder for us to figure that out, and the "encryption" adds a false sense of security on top of it!

Please, people, let's think through what we are making vendors do. Let's go for real security, not a nice, warm feeling!

Joel Maslak
System Programmer
Wind River Visual Communication
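An added example to make the post's two points concrete (this is not part of Joel Maslak's message): a reversible "encryption" whose key sits in the program round-trips for anyone who has the program, while a plaintext credential file can be guarded by something an admin can actually audit, its ownership and mode. The key, file name and password are constructed values.

```python
import os
import stat
import tempfile

# Hypothetical key baked into the program, as in the "encrypted" schemes the
# post criticises: whoever has the program also has the key.
EMBEDDED_KEY = b"not-a-secret-once-shipped"

def obfuscate(password: bytes) -> bytes:
    """Reversible XOR 'encryption' with a key that lives in this source file."""
    return bytes(b ^ EMBEDDED_KEY[i % len(EMBEDDED_KEY)] for i, b in enumerate(password))

def deobfuscate(blob: bytes) -> bytes:
    """XOR is its own inverse: the program, and anyone reading it, can undo it."""
    return obfuscate(blob)

def load_plaintext_credential(path: str) -> str:
    """Read a plaintext credential file only if the OS protects it properly.
    This is the alternative the post prefers: the admin knows exactly where the
    password is, and the guard is file ownership and mode, not obscurity.
    """
    st = os.stat(path)
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}, not by us")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path}: mode {stat.S_IMODE(st.st_mode):04o} "
                              "lets group or others read it")
    with open(path, encoding="utf-8") as fh:
        return fh.read().rstrip("\n")

def demo() -> tuple[bool, str, bool]:
    """Constructed sample: obfuscation round-trips; the permission check bites."""
    recovered = deobfuscate(obfuscate(b"hunter2")) == b"hunter2"  # key is in the code
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "remote.cred")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write("hunter2\n")
        os.chmod(path, 0o600)
        loaded = load_plaintext_credential(path)  # accepted: owner-only
        os.chmod(path, 0o644)
        try:
            load_plaintext_credential(path)
            rejected = False
        except PermissionError:
            rejected = True  # world-readable file refused
    return recovered, loaded, rejected
```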
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:29 PDT