passwords (was Re: 60-second timeout in Unix login)

Root Boy Jim rbj at icst-cmr.arpa
Wed Mar 9 13:01:30 AEST 1988


   From: Robert Cray <robert at stevie.cs.unlv.EDU>

   In article <12035 at brl-adm.ARPA> rbj at icst-cmr.arpa (Root Boy Jim) writes:
   >It is interesting that people's ideas on security are often wrong.
   >For example, some people around here think that having different
   >passwords on different machines provides better security than
   >using the same one for all machines! It just ain't so.

   But suppose you have an account on your machine, and an account on my
   machine.  I modify login on my machine to record your password.  I then
   try it on your machine.  If all machines are administered by a single
   entity, you are of course correct.  Also, suppose you have accounts
   on unix machines, where the password file is readable, and accounts on
   vms machines, where it is not.  If your unix password is in websters,
   I can get it.  Not so with vms, unless there is another security problem.

Evidently I left several premises unstated. First, I am talking about a
BSD environment. Anyone who has accounts on more than one machine is
likely to allow {rlogin,rsh,rcp} access to the other machines via .rhosts.
In any event, the machines are hosts.equiv'ed anyway.

Second, you do not have to go to such lengths to get my password. Just
su to root, then su to whoever you want. Then rlogin anywhere a .rhosts
file lets you. In short, if you allow access of this kind, you are also
trusting the root person(s) on that machine.

Given this environment, where one door opens them all, separate passwords
just give the attacker multiple targets. That was my point.

					   --robert

	(Root Boy) Jim Cottrell	<rbj at icst-cmr.arpa>
	National Bureau of Standards
	Flamer's Hotline: (301) 975-5688
Uh-oh --  WHY am I suddenly thinking of a VENERABLE religious leader
 frolicking on a FORT LAUDERDALE weekend?
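The trust chain Jim describes (su to root, su to the victim, then rlogin wherever a .rhosts or hosts.equiv entry trusts that account) can be modelled as a reachability problem. The script below is an added example written for this thread; it is not code from the original post. The hosts alpha, beta and gamma, the users jim and robert, the trust entries and the ROOT_HOLDERS table (who knows the root password on which host) are all constructed sample data. It applies the BSD rules that hosts.equiv grants passwordless access only to same-named non-root users, while a .rhosts line "host [user]" grants it to the named remote user (defaulting to the same name), and never consults any password.

```python
"""Trust-propagation model for BSD r-commands (.rhosts and /etc/hosts.equiv).

Added example for this thread; it is not code from the original post.
Hosts, users, root holders and trust entries below are constructed sample data.
"""
from collections import deque

ROOT = "root"

# Constructed sample environment: three hosts, two ordinary users each.
USERS = {
    "alpha": {"jim", "robert"},
    "beta": {"jim", "robert"},
    "gamma": {"jim", "robert"},
}

# /etc/hosts.equiv per host: each listed host's non-root users may rlogin/rsh
# into the same-named account here without a password.
HOSTS_EQUIV = {
    "alpha": ["beta"],
    "beta": ["alpha"],
    "gamma": [],
}

# ~user/.rhosts per (host, user): "remotehost [remoteuser]"; a missing user
# means the same username; "+" as host means any host.
RHOSTS = {
    ("gamma", "jim"): ["alpha jim", "beta"],
    ("alpha", "robert"): ["gamma robert"],
}

# Constructed assumption: who can su to root on which host.
ROOT_HOLDERS = {"alpha": {"robert"}}


def parse_rhosts_line(line):
    """Return (host, user) from one .rhosts line; user is None if omitted."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    return fields[0], (fields[1] if len(fields) > 1 else None)


def trusts(local_host, local_user, remote_host, remote_user):
    """True if remote_user@remote_host may enter local_user@local_host
    without a password under the hosts.equiv / .rhosts rules."""
    if local_host == remote_host:
        return False
    # hosts.equiv: same username only, and never for root.
    if (local_user != ROOT and local_user == remote_user
            and remote_host in HOSTS_EQUIV.get(local_host, [])):
        return True
    # .rhosts of the target account.
    for line in RHOSTS.get((local_host, local_user), []):
        parsed = parse_rhosts_line(line)
        if parsed is None:
            continue
        host, user = parsed
        host_ok = host == "+" or host == remote_host
        user_ok = remote_user == (user if user is not None else local_user)
        if host_ok and user_ok:
            return True
    return False


def reachable(start):
    """All (host, user) accounts an attacker holding `start` can reach by
    chaining su-to-root with passwordless r-command logins."""
    seen = {start}
    queue = deque([start])
    while queue:
        host, user = queue.popleft()
        nxt = set()
        # su: root reaches every local account; a root holder reaches root.
        if user == ROOT:
            nxt |= {(host, u) for u in USERS[host]}
        elif user in ROOT_HOLDERS.get(host, set()):
            nxt.add((host, ROOT))
        # r-commands: every account on every host that trusts us.
        for h2, users in USERS.items():
            for u2 in users | {ROOT}:
                if trusts(h2, u2, host, user):
                    nxt.add((h2, u2))
        for acct in nxt:
            if acct not in seen:
                seen.add(acct)
                queue.append(acct)
    return seen


def report(start):
    """Print where a compromise of one account leads."""
    print(f"from {start[1]}@{start[0]}:")
    for host, user in sorted(reachable(start)):
        print(f"  {user}@{host}")


if __name__ == "__main__":
    report(("alpha", "robert"))  # root holder: one door opens them all
    report(("beta", "jim"))      # plain user: confined to jim's own accounts
```

Running it shows the two cases in the thread side by side: starting from robert@alpha, who can su to root there, the closure covers jim on all three hosts even though jim's passwords never enter the model; starting from jim@beta with no root anywhere, the closure is only jim's own accounts. Distinct passwords per host change nothing in either result, since none of the edges is a password check.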


