(Here's hoping this makes it past the censor ;)

On Fri, 16 Apr 1999, Aleph One wrote:

> Lots of replies to this message but they all failed to really answer
> the questions raised by the original post.

It seems to me that a lot of this could be avoided using tickets similar to Kerberos. We have a trusted third party (TTP) that receives your credentials once and returns a ticket for a set of services with a given lifetime. This ticket is good only within a certain context (certain services, servers, clients, times, dates, you name it and it can be rolled into the ticket). That way if the ticket is compromised, it is of limited use (versus a full-blown password which may be useful in other contexts). The client could then use the old ticket (before it expires) to get a new ticket. That way an attacker cannot get ahold of an unlimited-use ticket but must continue to get new tickets from the client (or reveal himself by registering for his own new tickets).

There is another rule to obey here: have security levels associated with your passwords. This would seem to be a no-brainer, but I guess it's not. It's usually not very feasible to have a separate password for everything, so people pick a few. If you do this, delegate one password (or set of passwords) as low security. Think about what kind of service this is and how your password is likely to be stored. Think about how much damage could be inflicted if blahblahblah.com accidentally lets out your chat password. Don't let passwords for systems with secure password schemes (such as UNIX) be used for those with insecure schemes such as Netscape. (Using any of those "remember my password" features violates this nostrum.)

The wisdom of this rule was highlighted by this very same Real Server oops. In an attempt to demonstrate to a friend that he needed to subscribe to BugTraq, I logged in and grabbed his RS password. The disturbing thing is, I know that it's also a root password on some machines. Oops, a silly mistake has now been elevated to a catastrophe.

Otherwise, use a separate password for absolutely everything and record them securely. That is to say, PGP encrypt them and take any steps necessary (such as disk wiping) to ensure that it can only be recovered by someone who has the appropriate private key.

Just my thoughts.

.......................................................................
: Bureaucracy is the enemy of innovation.          : Trevor Schroeder  :
:               -- Mark Sheperd                    : tschroedat_private :
:........... http://www.zweknu.org/ for PGP key and more .............:
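The ticket scheme sketched in the post above, as an added example that is not code from the post, from Kerberos, or from any of the products mentioned: a toy trusted third party that takes the password once, issues an HMAC-signed ticket bound to a client address, a service list and an expiry, lets an unexpired ticket be exchanged for a fresh one without the password, and a service-side check that rejects tickets for the wrong service, the wrong client, an expired lifetime, or a tampered signature. The key, the user table and the service and client names are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed example: a toy ticket server (the "trusted third party") that
# issues HMAC-signed tickets bound to a client, a set of services and an expiry.
# Key, user database, service and client names are hypothetical demo values.

class TicketServer:
    def __init__(self, key: bytes, users: dict, lifetime: int = 600):
        self.key = key            # secret shared by the TTP and the services it fronts
        self.users = users        # username -> password; plaintext only for the demo
        self.lifetime = lifetime  # ticket lifetime in seconds

    def _sign(self, payload: bytes) -> bytes:
        return hmac.new(self.key, payload, hashlib.sha256).digest()

    def _encode(self, claims: dict) -> str:
        # Canonical JSON so the same claims always produce the same signed bytes.
        payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        return (base64.urlsafe_b64encode(payload).decode() + "."
                + base64.urlsafe_b64encode(self._sign(payload)).decode())

    def decode(self, ticket: str, now: float) -> dict:
        """Verify signature and expiry; raise ValueError on any failure."""
        try:
            p, t = ticket.split(".", 1)
            payload = base64.urlsafe_b64decode(p)
            tag = base64.urlsafe_b64decode(t)
        except ValueError:          # binascii.Error is a ValueError subclass
            raise ValueError("malformed ticket")
        if not hmac.compare_digest(tag, self._sign(payload)):
            raise ValueError("bad signature")
        claims = json.loads(payload)
        if now >= claims["exp"]:
            raise ValueError("ticket expired")
        return claims

    def issue(self, user, password, services, client, now=None):
        """The password is presented once, here; everything after runs on tickets."""
        now = time.time() if now is None else now
        expected = self.users.get(user, "")
        if not hmac.compare_digest(expected.encode(), password.encode()):
            raise ValueError("bad credentials")
        claims = {"sub": user, "svc": sorted(services), "cli": client,
                  "iat": now, "exp": now + self.lifetime}
        return self._encode(claims)

    def renew(self, ticket, client, now=None):
        """An unexpired ticket from the same client buys a fresh one; no password needed."""
        now = time.time() if now is None else now
        claims = self.decode(ticket, now)
        if claims["cli"] != client:
            raise ValueError("ticket bound to another client")
        return self._encode(dict(claims, iat=now, exp=now + self.lifetime))


def authorize(server, ticket, service, client, now=None):
    """Service-side check: a valid ticket for this service, from this client."""
    now = time.time() if now is None else now
    try:
        claims = server.decode(ticket, now)
    except ValueError:
        return False
    return service in claims["svc"] and claims["cli"] == client


if __name__ == "__main__":
    srv = TicketServer(b"demo-key", {"alice": "hunter2"}, lifetime=600)
    tk = srv.issue("alice", "hunter2", ["chat", "mail"], "10.0.0.5", now=1000)
    print(authorize(srv, tk, "chat", "10.0.0.5", now=1100))   # True
    print(authorize(srv, tk, "shell", "10.0.0.5", now=1100))  # False: service not in ticket
    print(authorize(srv, tk, "chat", "10.0.0.5", now=1700))   # False: expired
```

The point the post makes is in `renew`: a stolen ticket is only worth the remainder of its lifetime against the services and client it names, and an attacker who wants to keep using it has to keep coming back to the TTP for renewals, which is exactly the place where that activity can be noticed. A stolen password, by contrast, buys a fresh unlimited ticket at any time. Real Kerberos binds the ticket to a session key and encrypts it to the service rather than using a shared HMAC key, which this toy omits.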
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:49 PDT