From owner-freebsd-security Sun Aug 5 11:58:22 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail-green.research.att.com (H-135-207-30-103.research.att.com [135.207.30.103]) by hub.freebsd.org (Postfix) with ESMTP id 56CE037B401 for ; Sun, 5 Aug 2001 11:58:19 -0700 (PDT) (envelope-from fenner@research.att.com) Received: from alliance.research.att.com (alliance.research.att.com [135.207.26.26]) by mail-green.research.att.com (Postfix) with ESMTP id 6690F1E005 for ; Sun, 5 Aug 2001 14:58:10 -0400 (EDT) Received: from windsor.research.att.com (windsor.research.att.com [135.207.26.46]) by alliance.research.att.com (8.8.7/8.8.7) with ESMTP id OAA18768 for ; Sun, 5 Aug 2001 14:58:05 -0400 (EDT) From: Bill Fenner Received: (from fenner@localhost) by windsor.research.att.com (8.8.8+Sun/8.8.5) id LAA15976; Sun, 5 Aug 2001 11:58:04 -0700 (PDT) Message-Id: <200108051858.LAA15976@windsor.research.att.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII To: freebsd-security@freebsd.org Subject: Opie and protecting passphrases Date: Sun, 5 Aug 2001 11:58:03 -0700 Versions: dmail (solaris) 2.2j/makemail 2.9b Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I'd like to start a discussion on the subject of protecting passphrases. Opie tries really hard to protect the user from typing their passphrase over an insecure connection; any time you run programs like opiekey or opiepasswd they say: Reminder: Don't use opiekey from telnet or dial-in sessions. If they think that you are not using a secure session, they say: Sorry, but you don't seem to be on the console or a secure terminal. and do not prompt for the pass phrase. There is an "-f" flag to override this check, but it's not enabled by the FreeBSD build: nectar% otp-md5 -f 1 nanny Sorry, but the -f option is not supported by this build of OPIE. I'd like to enable opie's "INSECURE_OVERRIDE" by default in FreeBSD. My reasoning is that: a) opie uses heuristics, which can't always be right. b) The heuristics can be fooled, so they are not a panacea even if they're usually right. c) the default behavior continues to be that the user is not prompted for the passphrase; INSECURE_OVERRIDE only allows specifying the "-f" flag. d) Other parts of the system, like ssh, make no attempt to protect the user from typing a passphrase over an insecure connection. See PR bin/23203: http://www.freebsd.org/cgi/query-pr.cgi?pr=23203 for more details. Thanks for any thoughts, Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message