Finding Passwords

Barry Shein bzs at world.std.com
Sat Sep 29 11:16:40 AEST 1990 

Dan Bernstein responding to me...

>> One simple and non-intrusive defense against most such attacks would
>> be if, on successful login, the system would just tell you how many
>> unsuccessful login attempts there have been on your account.
>
>That only defends against login spoofs.

Um, that's what we were talking about.

But it also warns about a lot of bad login attempts. Both of these are
basic and nicely and easily side-step a lot of the much harder
defenses people were suggesting.

>It does absolutely nothing for the sort of Trojan Horse that we're
>discussing.

What were "we" discussing? I thought we were discussing login spoofs?

It would be easy enough (and certainly not mutually exclusive) to add
the other info you mention. In fact, most of the additional info you
suggest is already available via the "last" command on most systems
and could easily be reformatted in a login script with a shell
on-liner (ok, maybe a few-liner, but nothing hairy.)

But currently the number of bad attempts at your account is largely
unavailable (getty does log it to the console/syslog on some systems,
so that might do it if this were universally accepted, just grovel
thru a log file.)

A lot of it does come down to not fatiguing the one thing all this
relies on: The person logging in. It's only useful if they look at the
info and think for a moment. I think if a half a screenful of info
were spewed at you on every login you'd start to ignore it real fast
(maybe not you personally, but most people, how many people seem to
have stopped reading the motd on your system long ago? Try putting a
line in your motd to mail to you if they read this and see how many
actually notice it.)

That's why I like, at least, the very short:

	term = (vt100)?
	No new messages.

	3 bad login attempts since last successful login.

	% 

let's see your output.
-- 
        -Barry Shein

Software Tool & Die    | {xylogics,uunet}!world!bzs | bzs at world.std.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD

More information about the Comp.unix.internals mailing list