Path: utzoo!attcan!uunet!husc6!mailrus!cornell!uw-beaver!tikal!sigma!sea375!dave
From: d...@sea375.UUCP (David A. Wilson)
Newsgroups: comp.unix.wizards
Subject: Password security - Another idea
Message-ID: <228@sea375.UUCP>
Date: 24 Dec 88 21:06:07 GMT
Organization: At Home in Seattle, WA
Lines: 27

With all the concern for control of access to passwords, even when encrypted, why not make passwords more integral to the kernel? The kernel could maintain passwords encrypted somewhere on the disk, but not directly accessible through filesystem access. Special system calls would exist to store/retrieve encrypted passwords. The system calls could be restricted to root, and use would be recorded in an audit log (handled like process accounting logs) to detect password break-in attempts.

The only security hole to fill would then be the prevention of obtaining passwords by direct access to the system disk. Perhaps the kernel could also audit any access to the disk blocks containing the passwords using the disk drivers directly (system backups must be able to back up these blocks, although the audit log would record this).

Single-user mode should support an optional password (separate from root) to control single-user access to the system.

These changes should incur very little system overhead: some kernel code, some changes to disk drivers and few changes to existing admin programs. I think this would be more secure than the current password file or the shadow password file.

Any comments? Think about it,
--
David A. Wilson
uw-beaver!tikal!slab!sea375!dave
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!bu-cs!encore!bzs
From: b...@Encore.COM (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <4523@xenna.Encore.COM>
Date: 30 Dec 88 00:32:42 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <2271@pompeii.cs.swarthmore.edu>
Organization: Encore Computer Corp, Marlboro, MA
Lines: 45
In-reply-to: schwartz@cs.swarthmore.edu's message of 28 Dec 88 19:35:32 GMT
Posting-Front-End: GNU Emacs 18.41.15 of Tue Jun 9 1987 on xenna (berkeley-unix)

Ok, this is getting ridiculous...

Can we assume that before we make exotic changes like shadow passwords we can make simple changes (some Unixes already have these) to the passwd changing programs like:

1. Some mixture of upper case, lower case, digits and/or punctuation.

2. No dictionary words (even mixed case.)

3. Can't use login name, system name and a bunch of other easily checked words or patterns (3 digits, dash, 4 digits.)

4. Must be eight chars (or 7 if you're not that paranoid.)

5. Finally, will educate users about how to choose a good password (maybe we can group-write a document about just that, that would be a useful outcome of this conversation.)

This is trivial and can be enforced relatively easily without changing all sorts of system software, only one program needs to be modified.

Something has to be tacit: every time someone says that eight chars from a 64 or 100 char set should be sufficient someone else jumps up and says "not if they're all lower-case!". Assume when we say "from 100 chars" we mean we'll make it hard to search less, not "from 100 chars or any number less down to one".

And let's let the conversation about more exotic methods (password aging, shadow password files, anything beyond influencing a reasonable choice of a good password in the first place which some of us claim is sufficient) proceed from there instead of going round and round in circles.

*Think*, people, how in the world can password aging protect against choosing a word from the dictionary (as one poster just claimed.) I can crack that looooong before your password ages (unless it ages every few minutes.)

It's a worthwhile topic, let's not let it degenerate due to thoughtlessness.

-Barry Shein, ||Encore||
Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!ncar!ames!pasteur!ucbvax!bostic
From: bos...@ucbvax.BERKELEY.EDU (Keith Bostic)
Newsgroups: comp.unix.wizards
Subject: Re: Password security - Another idea
Message-ID: <27283@ucbvax.BERKELEY.EDU>
Date: 30 Dec 88 18:18:29 GMT
References: <228@sea375.UUCP> <4497@xenna.Encore.COM> <4523@xenna.Encore.COM>
Organization: University of California at Berkeley
Lines: 18

In article <4...@xenna.Encore.COM>, b...@Encore.COM (Barry Shein) writes:
> 5. Finally, will educate users about how to choose a good
> password (maybe we can group-write a document about just
> that, that would be a useful outcome of this conversation.)
>
> This is trivial and can be enforced relatively easily without changing
> all sorts of system software, only one program needs to be modified.

I find educating users to be a lot more than "trivial". And no matter how stringent your attempt to make the criteria, users will find a way to get a stupid password into the machine.

I like some form of shadow passwords as a solution. Once they're in place, you no longer care what the user picks for a password, as long as it's N characters long and not the account name.

Keith Bostic
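The two policies argued over in this thread, Barry Shein's five passwd-time checks (character mix, no dictionary word even in mixed case, no login or system name, no 3-digit-dash-4-digit pattern, minimum length) and Keith Bostic's minimal "N characters long and not the account name" rule, can both be expressed as one checker. The C below is an added example written for this page, not code from any poster or from any Unix passwd program; the function names are hypothetical, the word list is a constructed stand-in for a system dictionary such as /usr/dict/words, and the sample logins and host name are made up.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a system word list (assumption: a real checker
 * would read /usr/dict/words or similar). */
static const char *const dictionary[] = {
    "password", "secret", "seattle", "wizard", "encore", NULL
};

enum pw_verdict {
    PW_OK = 0,
    PW_TOO_SHORT,   /* rule 4: shorter than the minimum length          */
    PW_ONE_CLASS,   /* rule 1: only one character class used            */
    PW_DICTIONARY,  /* rule 2: a dictionary word, case folded away      */
    PW_NAME,        /* rule 3: equals the login name or the system name */
    PW_PATTERN      /* rule 3: three digits, dash, four digits          */
};

#define MAXPW 128

/* Copy src into dst folded to lower case; at most n-1 chars plus NUL. */
static void fold_lower(const char *src, char *dst, size_t n)
{
    size_t i;
    for (i = 0; i + 1 < n && src[i] != '\0'; i++)
        dst[i] = (char)tolower((unsigned char)src[i]);
    dst[i] = '\0';
}

/* Number of distinct classes (upper, lower, digit, punctuation) present. */
static int class_count(const char *pw)
{
    int up = 0, lo = 0, di = 0, pu = 0;
    for (; *pw; pw++) {
        unsigned char c = (unsigned char)*pw;
        if (isupper(c)) up = 1;
        else if (islower(c)) lo = 1;
        else if (isdigit(c)) di = 1;
        else if (ispunct(c)) pu = 1;
    }
    return up + lo + di + pu;
}

/* Exact match against the word list after case folding ("PaSsWoRd" hits). */
static int is_dictionary_word(const char *folded)
{
    const char *const *w;
    for (w = dictionary; *w; w++)
        if (strcmp(folded, *w) == 0)
            return 1;
    return 0;
}

/* Three digits, a dash, four digits: the phone-number shape Barry cites. */
static int is_phone_pattern(const char *pw)
{
    size_t i;
    if (strlen(pw) != 8 || pw[3] != '-')
        return 0;
    for (i = 0; i < 8; i++)
        if (i != 3 && !isdigit((unsigned char)pw[i]))
            return 0;
    return 1;
}

/* strict == 0 applies Keith's minimum (length, not the account name);
 * strict != 0 applies all of Barry's checks in addition. */
enum pw_verdict check_password(const char *pw, const char *login,
                               const char *host, int min_len, int strict)
{
    char folded[MAXPW], folded_login[MAXPW], folded_host[MAXPW];

    if (strlen(pw) < (size_t)min_len)
        return PW_TOO_SHORT;
    fold_lower(pw, folded, sizeof folded);
    fold_lower(login, folded_login, sizeof folded_login);
    if (strcmp(folded, folded_login) == 0)
        return PW_NAME;
    if (!strict)
        return PW_OK;

    fold_lower(host, folded_host, sizeof folded_host);
    if (strcmp(folded, folded_host) == 0)
        return PW_NAME;
    if (class_count(pw) < 2)
        return PW_ONE_CLASS;
    if (is_dictionary_word(folded))
        return PW_DICTIONARY;
    if (is_phone_pattern(pw))
        return PW_PATTERN;
    return PW_OK;
}

int main(void)
{
    /* Constructed sample passwords; login "dave" and host "sea375" are made up. */
    static const char *const samples[] = {
        "PaSsWoRd", "abcdefgh", "206-5551", "wizard", "xK4#qpL9", NULL
    };
    const char *const *s;
    for (s = samples; *s; s++)
        printf("%-10s strict=%d lax=%d\n", *s,
               check_password(*s, "dave", "sea375", 8, 1),
               check_password(*s, "dave", "sea375", 8, 0));
    return 0;
}
```

The folded comparison is what makes rule 2 catch "even mixed case"; the lax path shows Keith's point that, with the hashes hidden, only the length check and the account-name check remain worth enforcing.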