Security of Secure NFS

gnu at toad.com
Mon Dec 4 18:28:21 AEST 1989


Preston Mullen asked back in Sept. whether Secure NFS's security was
"illusion or reality".  The short answer is it's illusion.

One of the ten-minute talks at Crypto '89 in August was on "Cryptanalysis
of Secure NFS" by Andrew Odlyzko (research!amo) and Brian LaMacchia.  They
found that Sun had made errors in the implementation that resulted in the
system being relatively insecure as cryptographic systems go.  Also,
finding discrete logarithms doesn't appear to be as hard as Sun expected
it to be, so the numbers Sun is using aren't big enough to avoid people
simply burning some CPU time to break the system.  Andrew says he "gave
the job of breaking it to a bright summer student" (LaMacchia).  You
should contact them for the full details.

There are also major holes in the way the system starts up; the password
for "root" is stored in a file in the file system, so the system can boot
up without having someone type a password.

John Gilmore      {sun,pacbell,uunet,pyramid}!hoptoad!gnu      gnu at toad.com
    Just say *yes* to drugs.  Use your *no*s for government bullshit.


