Re: Plain text passwords--necessary

[den () FTP LOXINFO CO TH (Densin Roy.)]

see
http://world.std.com/~dpj


On Mon, 19 Apr 1999, Trevor Schroeder wrote:

> (Here's hoping this makes it past the censor ;)
>
> On Fri, 16 Apr 1999, Aleph One wrote:
>
> > Lots of replies to this message but they all failed to really answer
> > the questions raised by the original post.
>
> It seems to me that a lot of this could be avoided using tickets similar to
> Kerberos.  We have a trusted third party (TTP) that receives your
> credentials once and returns a ticket for a set of services with a given
> lifetime.  This ticket is good only within a certain context (certain
> services, servers, clients, times, dates, you name it and it can be rolled
> into the ticket).  That way if the ticket is compromised, it is of limited
> use (versus a full blown password with may be useful in other contexts.)
>
> The client could then use the old ticket (before it expires) to get a new
> ticket.  That way an attacker cannot get ahold of an unlimited use ticket
> but must continue to get new tickets from the client.  (or reveal himself
> by registering for his own new tickets).
>
> There is another rule to obey here:  have security levels associated with
> your passwords.  This would seem to be a no-brainer, but I guess it's not.
> It's usually not very feasible to have a separate password for everything
> so people pick a few.  If you do this, delegate one password (or set of
> passwords) as low security.  Think about what kind of service this is and
> how your password is likely to be stored.  Think about how much damage
> could be inflicted if blahblahblah.com accidentally lets out your chat
> password.  Don't let passwords for systems with secure password schemes
> (such as UNIX) be used for those with insecure schemes such as Netscape.
> (Using any of those "remember my password" features violates this nostrum.)
>
> The wisdom of this rule was highlighted by this very same Real Server oops.
> In an attempt to demonstrate to a friend that he needed to subscribe to
> BugTraq, I logged in and grabbed his RS password.  The disturbing thing is,
> I know that it's also a root password on some machines.  Oops, a silly
> mistake has now been elevated to a catastrophe.
>
> Otherwise, use a separate password for absolutely everything and record
> them securely.  That is to say, PGP encrypt them and take any steps
> necessary (such as disk wiping) to insure that it can only be recovered by
> someone who has the appropriate private key.
>
> Just my thoughts.
> .......................................................................
> : Bureaucracy is the enemy of innovation.          : Trevor Schroeder :
> :                           -- Mark Sheperd        : tschroed () acm org :
> :........... http://www.zweknu.org/ for PGP key and more .............: