From owner-freebsd-security  Sat Jan 13 19:51:47 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.ipfw.org (cr308584-a.wlfdle1.on.wave.home.com [24.114.52.208])
	by hub.freebsd.org (Postfix) with ESMTP id B5D7437B400
	for <security@FreeBSD.ORG>; Sat, 13 Jan 2001 19:51:29 -0800 (PST)
Received: from apollo (apollo.objtech.com [192.168.111.5])
	by mail.ipfw.org (Postfix) with ESMTP
	id 1948D312D; Sat, 13 Jan 2001 22:51:25 -0500 (EST)
Date: Sat, 13 Jan 2001 22:51:24 -0500
From: Peter Chiu <pccb@yahoo.com>
X-Mailer: The Bat! (v1.49)
Reply-To: Webbie <webbie@ipfw.org>
X-Priority: 3 (Normal)
Message-ID: <58623706.20010113225124@ipfw.org>
To: "Crist J. Clark" <cjclark@reflexnet.net>
Cc: Frank Tobin <ftobin@uiuc.edu>, cjclark@alum.mit.edu,
	Dru <genisis@istar.ca>, <security@FreeBSD.ORG>
Subject: Re[2]: opinions on password policies
In-reply-To: <20010113165021.I97980@rfx-64-6-211-149.users.reflexco>
References: <Pine.BSF.4.21.0101131321210.89486-100000@genisis>
 <Pine.BSF.4.31.0101131726030.40290-100000@palanthas.neverending.org>
 <20010113165021.I97980@rfx-64-6-211-149.users.reflexco>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Saturday, January 13, 2001, 7:50:21 PM, you wrote:

CJC> On Sat, Jan 13, 2001 at 05:35:51PM -0600, Frank Tobin wrote:
>> While this may not be applicable to your situation, I feel that the best
>> policy is to demand public-key authentication.  The reason for this is to
>> limit the human factor, not demanding the user remember yet another unique
>> password.  If forced to remember another password, most users (including
>> myself) will often re-use a password they use at another place.
>> 
>> If your system is compromised, you do not to help the attackers, who are
>> now likely, get into other accounts the user might have other places
>> because they reused the pasword.  On the flip side, it would be best that
>> if the user was compromised someplace else, it won't help the attackers
>> use the authentication information to get into the victim's account on
>> your system.  Public-key systems prevent this sort of "chain-reaction"
>> account breakage.

CJC> I am not sure I understand your argument here. I your system, how does
CJC> the _user_ authenticate himself? Biometrics? HW token? Smart card?
CJC> Really, no passwords?

I think he means using a public-key pair without a passphrase. I could
be wrong though.

However, if the box that stores the private key is compromised, all
other remote boxes that use that key pair are in danger.




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message