see http://world.std.com/~dpj

On Mon, 19 Apr 1999, Trevor Schroeder wrote:

> (Here's hoping this makes it past the censor ;)
>
> On Fri, 16 Apr 1999, Aleph One wrote:
>
> > Lots of replies to this message but they all failed to really answer
> > the questions raised by the original post.
>
> It seems to me that a lot of this could be avoided using tickets similar to
> Kerberos. We have a trusted third party (TTP) that receives your
> credentials once and returns a ticket for a set of services with a given
> lifetime. This ticket is good only within a certain context (certain
> services, servers, clients, times, dates, you name it and it can be rolled
> into the ticket). That way if the ticket is compromised, it is of limited
> use (versus a full blown password which may be useful in other contexts).
>
> The client could then use the old ticket (before it expires) to get a new
> ticket. That way an attacker cannot get ahold of an unlimited use ticket
> but must continue to get new tickets from the client (or reveal himself
> by registering for his own new tickets).
>
> There is another rule to obey here: have security levels associated with
> your passwords. This would seem to be a no-brainer, but I guess it's not.
> It's usually not very feasible to have a separate password for everything
> so people pick a few. If you do this, delegate one password (or set of
> passwords) as low security. Think about what kind of service this is and
> how your password is likely to be stored. Think about how much damage
> could be inflicted if blahblahblah.com accidentally lets out your chat
> password. Don't let passwords for systems with secure password schemes
> (such as UNIX) be used for those with insecure schemes such as Netscape.
> (Using any of those "remember my password" features violates this nostrum.)
>
> The wisdom of this rule was highlighted by this very same Real Server oops.
> In an attempt to demonstrate to a friend that he needed to subscribe to
> BugTraq, I logged in and grabbed his RS password. The disturbing thing is,
> I know that it's also a root password on some machines. Oops, a silly
> mistake has now been elevated to a catastrophe.
>
> Otherwise, use a separate password for absolutely everything and record
> them securely. That is to say, PGP encrypt them and take any steps
> necessary (such as disk wiping) to ensure that it can only be recovered by
> someone who has the appropriate private key.
>
> Just my thoughts.
>
> .......................................................................
> : Bureaucracy is the enemy of innovation. : Trevor Schroeder :
> : -- Mark Sheperd : tschroedat_private :
> :........... http://www.zweknu.org/ for PGP key and more .............:
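A toy version of the scoped, expiring ticket scheme Trevor describes above (TTP sees the password once, issues a ticket bound to a service list and lifetime, and an unexpired ticket can be traded for a fresh one), added here as an example and not code from the original thread. The MAC key, the user store and the service names are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# Constructed user store (toy: a real TTP would use a slow password hash such as scrypt).
USERS = {"alice": hashlib.sha256(b"correct horse").hexdigest()}


class TicketAuthority:
    """Trusted third party: sees the password once, hands out scoped, expiring tickets."""

    def __init__(self, key: bytes, lifetime: int = 300) -> None:
        self.key = key            # MAC key shared with the services (constructed)
        self.lifetime = lifetime  # ticket validity in seconds

    def _sign(self, claims: dict) -> str:
        body = json.dumps(claims, sort_keys=True).encode()
        tag = hmac.new(self.key, body, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(body).decode() + "." + base64.urlsafe_b64encode(tag).decode()

    def _open(self, token: str):
        """Return the claims if the MAC verifies, else None (forged or tampered ticket)."""
        try:
            body_b64, tag_b64 = token.split(".")
            body, tag = base64.urlsafe_b64decode(body_b64), base64.urlsafe_b64decode(tag_b64)
        except ValueError:
            return None
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        return json.loads(body) if hmac.compare_digest(tag, expected) else None

    def issue(self, user: str, password: str, services: list, now: float):
        """Credentials are shown only here; the ticket carries scope and expiry, never the password."""
        if USERS.get(user) != hashlib.sha256(password.encode()).hexdigest():
            return None
        return self._sign({"user": user, "svc": sorted(services), "exp": now + self.lifetime})

    def renew(self, token: str, now: float):
        """An unexpired ticket buys a fresh one with the same scope; an expired or forged one buys nothing."""
        claims = self._open(token)
        if claims is None or claims["exp"] <= now:
            return None
        claims["exp"] = now + self.lifetime
        return self._sign(claims)

    def accepts(self, token: str, service: str, now: float) -> bool:
        """The check a service performs: MAC valid, not expired, and this service is in scope."""
        claims = self._open(token)
        return claims is not None and claims["exp"] > now and service in claims["svc"]
```

A leaked ticket is thus useful only for the listed services until `exp`, and only a holder of a still-valid ticket can renew it.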
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:43:08 PDT