Password security - Another idea

Michael S. Fischbein msf at prandtl.nas.nasa.gov
Sat Jan 7 08:59:54 AEST 1989


In article <2629 at ficc.uu.net> peter at ficc.uu.net (Peter da Silva) writes:
>In article <654 at white.gcm>, dc at gcm (Dave Caswell) writes:
>> If people have no reason to look at encrypted passowrds and it is easy to make
>> sure they can't look, why not have hidden passwords?
>
>Because open passwords let users write utility programs that verify who you
>are.  If the password file is hidden, you need to provide a password
>verification server.

And, if you want compatability with the programs already written and
those to be written with a view towards the existing documentation, you
provide compatability with the getpwent(3) routines, and access to the
encrypted passwords is trivial.

Thus, to have a shadow passwd file you give up a significant amount of
com- patability with existing documented routines.  Perhaps making the
crypt(3) call have some knowledge of the number of times it has been
recently called and having it slow down would help.  This requires the
system's encryption routine to be publicly unknown, of course,
otherwise the algorithm could simply be reimplemented more quickly.
Rewriting crypt(3)  would lose for people setting up new systems and
trying to transfer passwords from old ones; a much rarer situation than
trying to port programs.

I'd guess the tradeoff involves how much non-vendor supplied (not just
freeware) software you use that requires password verification, what
sort of attacks you anticipate on the system, and how much effort you
can put into customizing stuff.

		mike



Michael Fischbein                 msf at prandtl.nas.nasa.gov
                                  ...!seismo!decuac!csmunix!icase!msf
These are my opinions and not necessarily official views of any
organization.



More information about the Comp.unix.wizards mailing list