Re: Password thread (was: Re: [HACKERS] Updated TODO list)

From: "Henry B(dot) Hotz" <hotz(at)jpl(dot)nasa(dot)gov>
To: Louis Bertrand <louis(at)bertrandtech(dot)on(dot)ca>, Bruce Momjian <maillist(at)candle(dot)pha(dot)pa(dot)us>
Cc: Gene Sokolov <hook(at)aktrad(dot)ru>, pgsql-hackers(at)postgreSQL(dot)org
Subject: Re: Password thread (was: Re: [HACKERS] Updated TODO list)
Date: 1999-07-15 23:34:25
Message-ID: v04020a13b3b41921d1ad@[137.78.84.130]
Lists: pgsql-hackers

At 10:45 AM -0700 7/15/99, Louis Bertrand wrote:
>Agreed: over the wire is _very_ important. The question remains: does the

>But above all: do not store passwords in cleartext. It makes it
>ridiculously easy for an attacker to take over user accounts. Let's say

There is a fundamental conflict here: If you want to encrypt the stored
passwords then they have to go over the wire in the clear. If you want the
passwords encrypted over the wire then they need to be stored in the clear
on the machine. If you encrypt the channel (so you can encrypt the stored
passwords and still protect the wire) then the conflict applies to how you
set up the channel.

I walked in in the middle of this discussion, but if we are creating a
PG-unique authentication scheme I would hope that the PG passwords are not
those of the other unix user accounts.

Currently PG has a real grab-bag of authentication methods. This is nice,
but many of them are not very secure. If we can tie into something like
SSH, IPsec, or SSL then that is definitely to be preferred to doing it all
ourselves.

I wish I could recommend kerberos (which we already claim to support), but
the implementations I've seen seem buggy. NetBSD and Solaris both have it
built in, but there are subroutine name conflicts between the kerberos
libraries and some standard libraries on both platforms (different
conflicts). I think it's an example of good US technology being destroyed
by the ITAR restrictions. The overseas NetBSD developers, and a large
fraction of the US ones, don't touch the kerberos stuff, so it suffers
bitrot. Excuse the rant.

Signature failed Preliminary Design Review.
Feasibility of a new signature is currently being evaluated.
h(dot)b(dot)hotz(at)jpl(dot)nasa(dot)gov, or hbhotz(at)oxy(dot)edu
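
The trade-off described in the message above, as an added example that is not part of the original email or of PostgreSQL's code: scheme A stores a salted hash and receives the password in the clear, scheme B stores the secret itself and uses an HMAC challenge-response. Both schemes, all function names and the sample password are assumptions constructed for illustration.

```python
import hashlib, hmac, os

PASSWORD = b"correct horse"   # constructed sample secret

# Scheme A (assumed): server stores a salted hash; client sends the password itself.
def a_enroll(password):
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)

def a_login(stored, sent_over_wire):
    salt, digest = stored
    candidate = hashlib.pbkdf2_hmac("sha256", sent_over_wire, salt, 100_000)
    return hmac.compare_digest(candidate, digest)

# Scheme B (assumed): challenge-response; server must hold the secret it HMACs with.
def b_enroll(password):
    return password            # stored in the clear (or as a password-equivalent)

def b_respond(secret, nonce):
    return hmac.new(secret, nonce, hashlib.sha256).digest()

def b_login(stored, nonce, response):
    return hmac.compare_digest(b_respond(stored, nonce), response)

def compare():
    """What a single leak (wire capture or stored table) is worth at a later login."""
    a_db = a_enroll(PASSWORD)
    a_wire = PASSWORD                       # what crosses the wire in scheme A
    b_db = b_enroll(PASSWORD)
    nonce1 = os.urandom(16)
    b_wire = b_respond(PASSWORD, nonce1)    # what crosses the wire in scheme B
    nonce2 = os.urandom(16)                 # fresh challenge issued at the later login
    return {
        "A_wire_capture_logs_in": a_login(a_db, a_wire),
        "A_stored_value_logs_in": a_login(a_db, a_db[1]),
        "B_wire_capture_logs_in": b_login(b_db, nonce2, b_wire),
        "B_stored_value_logs_in": b_login(b_db, nonce2, b_respond(b_db, nonce2)),
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name}: {result}")
```

Each scheme protects exactly one of the two places the secret can leak from, which is why the message points to an encrypted channel (SSH, IPsec, SSL) as the way to get both.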
