Password security - Another idea
Barry Shein
bzs at Encore.COM
Wed Dec 28 02:01:58 AEST 1988
>With all the concern for control of access to passwords, even when encrypted,
>why now make passwords more integral to the kernel? The kernel could maintain
>passwords encrypted somewhere on the disk, but not directly accessible thru
>filesystem access. Special system calls would exist to store/retrieve encrypted
>passwords. The system calls could be restricted to root, and use would be
>recorded in an audit log(handle like process accounting logs) to detect
>password breakin attempts.
>
>I think this would be more secure than current password file or the shadow
>password file. Any comments?
Yes, somewhere and at some time we are going to have to do the hard
work of analyzing whether or not hiding encryptions improves security
as a general principle (as opposed to coming up with new ways to hide
them before doing the ground work.)
Hiding something indicates that it is dangerous if revealed. It says,
basically, that encryption technology is inadequate and cannot be made
to work, the only reasonable protection is secrecy. Do we honestly
believe this? Or, worse, do we believe that security is attained by
layering anything we can think of onto the system?
-Barry Shein, ||Encore||
More information about the Comp.unix.wizards
mailing list