Re: Plain text passwords--necessary

From: Trevor Schroeder (tschroedat_private)
Date: Mon Apr 19 1999 - 10:59:56 PDT

    (Here's hoping this makes it past the censor ;)
    
    On Fri, 16 Apr 1999, Aleph One wrote:
    
    > Lots of replies to this message but they all failed to really answer
    > the questions raised by the original post.
    
    It seems to me that a lot of this could be avoided using tickets similar to
    Kerberos.  We have a trusted third party (TTP) that receives your
    credentials once and returns a ticket for a set of services with a given
    lifetime.  This ticket is good only within a certain context (certain
    services, servers, clients, times, dates, you name it and it can be rolled
    into the ticket).  That way if the ticket is compromised, it is of limited
    use (versus a full-blown password which may be useful in other contexts).
    
    The client could then use the old ticket (before it expires) to get a new
    ticket.  That way an attacker cannot get hold of an unlimited-use ticket
    but must continue to get new tickets from the client (or reveal himself
    by registering for his own new tickets).
    
    There is another rule to obey here:  have security levels associated with
    your passwords.  This would seem to be a no-brainer, but I guess it's not.
    It's usually not very feasible to have a separate password for everything
    so people pick a few.  If you do this, delegate one password (or set of
    passwords) as low security.  Think about what kind of service this is and
    how your password is likely to be stored.  Think about how much damage
    could be inflicted if blahblahblah.com accidentally lets out your chat
    password.  Don't let passwords for systems with secure password schemes
    (such as UNIX) be used for those with insecure schemes such as Netscape.
    (Using any of those "remember my password" features violates this nostrum.)
    
    The wisdom of this rule was highlighted by this very same Real Server oops.
    In an attempt to demonstrate to a friend that he needed to subscribe to
    BugTraq, I logged in and grabbed his RS password.  The disturbing thing is,
    I know that it's also a root password on some machines.  Oops, a silly
    mistake has now been elevated to a catastrophe.
    
    Otherwise, use a separate password for absolutely everything and record
    them securely.  That is to say, PGP encrypt them and take any steps
    necessary (such as disk wiping) to ensure that they can only be recovered by
    someone who has the appropriate private key.
    
    Just my thoughts.
    .......................................................................
    : Bureaucracy is the enemy of innovation.          : Trevor Schroeder :
    :                           -- Mark Sheperd        : tschroedat_private :
    :........... http://www.zweknu.org/ for PGP key and more .............:
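The ticket scheme the post sketches (a trusted third party issues a ticket bound to a client, a service and a lifetime, and will only renew it from a ticket that is still valid), as an added toy illustration that is not the author's code. The HMAC key, the JSON claim names and the lifetimes are constructed for this example; a real deployment such as Kerberos uses per-service keys and encrypted tickets rather than one shared MAC key.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed key shared by the toy TTP and the toy service (assumption: a
# single key; Kerberos would use one key per service).
TTP_KEY = b"constructed-ttp-key-for-illustration"


def _sign(body: bytes) -> str:
    return hmac.new(TTP_KEY, body, hashlib.sha256).hexdigest()


def issue_ticket(client: str, service: str, lifetime: int, now: float) -> str:
    """TTP issues a ticket scoped to one client, one service and an expiry."""
    body = json.dumps(
        {"client": client, "service": service, "exp": now + lifetime},
        sort_keys=True,
    ).encode()
    return base64.b64encode(body).decode() + "." + _sign(body)


def verify_ticket(ticket: str, service: str, now: float) -> Optional[dict]:
    """Service-side check: signature, service scope and lifetime.
    Returns the claims on success, None on any failure."""
    try:
        b64, sig = ticket.rsplit(".", 1)
        body = base64.b64decode(b64)
    except ValueError:  # malformed ticket (binascii.Error is a ValueError)
        return None
    if not hmac.compare_digest(_sign(body), sig):
        return None  # tampered or forged
    claims = json.loads(body)
    if claims["service"] != service or claims["exp"] <= now:
        return None  # wrong context or expired: limited use if stolen
    return claims


def renew_ticket(old: str, service: str, lifetime: int, now: float) -> Optional[str]:
    """TTP renews only from a still-valid ticket, so a stolen ticket cannot be
    kept alive past its lifetime without coming back to the TTP."""
    claims = verify_ticket(old, service, now)
    if claims is None:
        return None
    return issue_ticket(claims["client"], service, lifetime, now)
```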
    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:49 PDT