Date:      Mon, 16 Nov 1998 12:46:24 -0500 (EST)
From:      Robert Watson <robert@cyrus.watson.org>
To:        Thomas Valentino Crimi <tcrimi+@andrew.cmu.edu>
Cc:        Terry Lambert <tlambert@primenet.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure?
Message-ID:  <Pine.BSF.3.96.981116124210.15576A-100000@fledge.watson.org>
In-Reply-To: <0qI4qUS00YUq09JbU0@andrew.cmu.edu>

On Mon, 16 Nov 1998, Thomas Valentino Crimi wrote:

>   Let's not forget that without cracking the password of a 'wheel'
> member, su is still not going to let them in.  If you have no wheel
> members (i.e., you only allow root access from console) all the password
> cracking in the world isn't going to give them root.  (Of course, with a
> whole lot of password cracking they'll have the password to every account
> on your box).
> 
>   Forcing them to crack 2 passwords, assuming they can properly
> manipulate the sgid program into spitting out the master.password file,
> seems to be an improvement to me.  Don't buffer overruns generally show
> up as sig-11 core dumps?  Meaning that if we assume the EFF 8 hours in
> cracking the two passwords needed to obtain root, that's 8 hours more
> than the 2 seconds the admin originally had to take action.

Unfortunately, one of the most common security aids, sshd, is often used
with 'PermitRootLogin' set to true.  Similarly, the kerberized utilities
will allow root to login as long as the tickets passed appear in the
.klogin file.  On the other hand, a factor of 2 improvement is not worth
much, except in the RSA key breaking case, so... :)

>   And then we have md5 passwords, arguably broken, now, but orders of
> magnitude better than DES.

I don't think I would consider md5 broken exactly.  Just subject to
intermittent collisions.  Is there a deterministic (and fast) way to
detect whether one is employing a hash subject to the described collision
attack?  If so, perhaps we can add a piece of code that attempts a number
of values of salt, resulting in a more friendly hash.

I prefer one-time passwords for security applications; on the other hand I
eagerly await a nice (scalable) PK authentication system used with
hardware keys.

  Robert N Watson 

Carnegie Mellon University            http://www.cmu.edu/
TIS Labs at Network Associates, Inc.  http://www.tis.com/
SafePort Network Services             http://www.safeport.com/
robert@fledge.watson.org              http://www.watson.org/~robert/

