Yet Another useful paper

Liber nevin1 at ihlpb.ATT.COM
Thu Dec 22 10:10:21 AEST 1988


In article <12750 at bellcore.bellcore.com> karn at ka9q.bellcore.com (Phil Karn) writes:

>My
>fear is that it will make administrators complacent; they'll reason that
>since no one can get at the file, then there's no need to ensure on a
>regular basis that people pick hard-to-guess passwords.

Any administrator who will reason this out probably has so many other security
holes on his/her system that it won't really matter anyway.  Do you
really want someone that naive as your system's "most trusted user"?

>The next thing you'd know, the crackers would be back because they figured
>out somebody's trivial password by trial and error through the login prompt.
>It doesn't take very long to try the simple permutations even that way.

And by not putting shadow password files on the system, a cracker is
going to think that it will be *harder* to break the system than if he
couldn't read the password file?  I have a very hard time believing
this.

>I think the password file should remain publicly readable, thereby giving
>the administrators more of an incentive to police it regularly for
>easy-to-guess passwords.

If it is possible for your administrator to reason that there is no need
to make sure passwords are hard to guess when shadow files are around,
won't he/she also reason that there is no need to make sure passwords
are hard-to-guess when the passwords themselves are crypted?  These
both follow the same line of reasoning (as a matter of fact, the second
case is more likely since this is the well-known reason for being able
to have /etc/passwd readable in the first place.  For a reference, look
at section 2.4 of K&P's "The Unix(R) Programming Environment").

Also, since most of the administrators I know don't bother to police their
password files manually (only the gurus at NSA can uncrypt in their
head :-)), why would running their automatic tools be any different
with shadow files?

In this case, the less information given to a cracker, the better.
It's just too easy to break into a system given an encrypted password
file and a little knowledge about human nature.
-- 
NEVIN ":-)" LIBER  AT&T Bell Laboratories  nevin1 at ihlpb.ATT.COM  (312) 979-4751
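The trade-off the post argues about, in runnable form. This is an added example, not code from the post or from either author: a constructed password file in the classic /etc/passwd layout, a small wordlist with "human nature" mutations (capitalisation, reversal, an appended digit), and the same wordlist tried two ways. Offline, every readable hash can be attacked at whatever speed the attacker's machine allows; through a login prompt, each guess is a logged, countable failure that a lockout cuts off. Assumptions: the hash is salted SHA-512 as a stand-in for crypt(3) (Python's crypt module is deprecated), the account names and passwords are invented, and the five-failure lockout is a hypothetical policy, not any real login program's behaviour.

```python
"""Offline dictionary attack on a readable hashed-password file, beside a
throttled online login prompt for comparison.  Constructed sample data only."""
import hashlib
import itertools


def make_hash(password: str, salt: str) -> str:
    """Salted SHA-512 as a stand-in for crypt(3); field format '$sha512$salt$hex'."""
    digest = hashlib.sha512((salt + password).encode()).hexdigest()
    return f"$sha512${salt}${digest}"


def mutations(word: str):
    """Cheap 'human nature' variants: as typed, Capitalised, reversed, UPPER,
    each also with a single digit appended."""
    for base in dict.fromkeys([word, word.capitalize(), word[::-1], word.upper()]):
        yield base
        for d in "0123456789":
            yield base + d


# Constructed accounts (invented names, salts and passwords).  The host's
# private view: this is what a shadow file would hold.
_ACCOUNTS = {
    "alice": ("aB", "Wizard1"),        # dictionary word, capitalised, digit appended
    "bob":   ("c3", "terces"),         # 'secret' reversed
    "carol": ("Qz", "zT8#pLm2!vK9"),   # random: should survive the wordlist
    "dave":  ("m7", "guest9"),         # weak, but only a shadowed 'x' is readable
}
SHADOW_HASHES = {u: make_hash(p, s) for u, (s, p) in _ACCOUNTS.items()}

# The world-readable file: name:hash:uid:gid:gecos:home:shell.  Dave's entry is
# shadowed, so the hash field holds only 'x'.
PASSWD_TEXT = "\n".join(
    f"{u}:{SHADOW_HASHES[u] if u != 'dave' else 'x'}:{1000 + i}:100:"
    f"{u.title()}:/home/{u}:/bin/sh"
    for i, u in enumerate(_ACCOUNTS)
)
WORDLIST = ["password", "wizard", "secret", "unix", "bell", "guest"]  # constructed


def offline_dictionary_attack(passwd_text: str, wordlist) -> dict:
    """Try every mutation of every word against every readable hash.
    Nothing limits the rate and nothing on the host sees it happen."""
    cracked = {}
    for line in passwd_text.splitlines():
        user, field = line.split(":")[:2]
        if not field.startswith("$"):        # 'x', '*', '!' or empty: nothing to attack
            continue
        salt = field.split("$")[2]
        for guess in itertools.chain.from_iterable(mutations(w) for w in wordlist):
            if make_hash(guess, salt) == field:
                cracked[user] = guess
                break
    return cracked


class LoginGate:
    """Simulated login prompt.  The hash never leaves the host; failures are
    counted and logged, and the account locks after max_failures (hypothetical
    policy for this example)."""

    def __init__(self, shadow_hashes: dict, max_failures: int = 5):
        self._hashes = dict(shadow_hashes)
        self.max_failures = max_failures
        self.failures: dict = {}
        self.log: list = []

    def attempt(self, user: str, password: str) -> bool:
        if self.failures.get(user, 0) >= self.max_failures:
            self.log.append(f"LOCKED {user}")
            return False
        field = self._hashes.get(user, "")
        ok = field.startswith("$") and make_hash(password, field.split("$")[2]) == field
        if not ok:
            self.failures[user] = self.failures.get(user, 0) + 1
            self.log.append(f"FAIL {user}")
        return ok


def online_guessing(gate: LoginGate, user: str, wordlist):
    """Same wordlist through the prompt.  Returns (password or None, attempts made)."""
    attempts = 0
    for guess in itertools.chain.from_iterable(mutations(w) for w in wordlist):
        attempts += 1
        if gate.attempt(user, guess):
            return guess, attempts
        if gate.failures.get(user, 0) >= gate.max_failures:
            return None, attempts               # locked out before the list ran out
    return None, attempts


if __name__ == "__main__":
    print("offline:", offline_dictionary_attack(PASSWD_TEXT, WORDLIST))
    gate = LoginGate(SHADOW_HASHES)
    print("online vs dave:", online_guessing(gate, "dave", WORDLIST), gate.log)
```

The offline pass recovers alice's and bob's passwords and cannot even start on dave's, while the online pass against dave is refused after five failures with every attempt in the log. Hiding the hash does not make "guest9" a good password; it changes who gets to find that out, and how loudly.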