passwds and crypt(3)...

Don Ingli AGRISCS at umcvmb.missouri.edu
Tue Jan 2 09:55:14 AEST 1990


How about this idea for passwd storage.....

When the root filesystem/partition is created the UNIX machine should reserve
n BYTES on the disk that is stored PHYSICALLY on the disk but not in a file.
Thus, the UNIX security software would have read the passwds from sector x
of disk y and decrypt them using a crypt that uses the SOFTWARE Serial Number,
Node name and a Random Code entered by the sysadm and stored like the passwds.

Also, the SALT chars would be used to decrypt....

For those who want added security, look up the pwconv(1M) command.
What this does is create a file called shadow that only root can read.
It contains just the encrypted passwd so non-rooters can never see the
encrypted passwds:

in /etc/shadow:

don:ABencrypted:1010:101


in /etc/passwd:


don:x:usrid:grpid:etc....

Notice an x in the passwd field?  That will be in EVERY entry in the passwd
file!  I'd like to see a hacker get the passwd out of an x!!

Anyway, I guess what I am trying to say is that maybe UNIX should place the
SHADOW file somewhere on the disk, but not in a file....

comments????


 DON INGLI------------------------------------------------------------+
 UNITED STATES DEPARTMENT OF AGRICULTURE - SOIL CONSERVATION SERVICE  |
 bitnet: agriscs at umcvmb.bitnet  internet: agriscs at umcvmb.missouri.edu |
 attmail: attmail!attbl!arpa!umcvmb.missouri.edu!agriscs              |
 ALL OPINIONS IN THIS NOTE ARE OF MY OWN AND DO NOT REPRESENT THE     |
 FEDERAL GOVERNMENT OR THE UNIVERSITY OF MISSOURI-COLUMBIA -----------+
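
Added example, not part of the original post: a small audit of the layout the post describes, reporting passwd entries whose password field is not the `x` placeholder and checking whether a file is readable by users outside its owner and group. The function names and the sample entries are constructed for illustration.

```python
import os
import stat
import tempfile

def audit_passwd(text):
    """Report entries whose password field (2nd colon-separated field) is not 'x'."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((lineno, fields[0], "malformed"))
            continue
        user, pw = fields[0], fields[1]
        if pw == "x":
            continue  # hash has been moved to the shadow file
        if pw == "":
            findings.append((lineno, user, "empty-password"))
        elif pw[0] in "*!":
            findings.append((lineno, user, "locked"))
        else:
            findings.append((lineno, user, "hash-in-passwd"))
    return findings

def world_readable(path):
    """True if users outside the file's owner and group can read it."""
    return bool(os.stat(path).st_mode & stat.S_IROTH)

# Constructed sample in the post's format; not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/:/bin/sh
don:x:1010:101:Don:/usr/don:/bin/sh
guest::1020:101:Guest:/usr/guest:/bin/sh
old:ABconstructedhash:1030:101:Old:/usr/old:/bin/sh
"""

def demo():
    findings = audit_passwd(SAMPLE_PASSWD)
    with tempfile.NamedTemporaryFile(delete=False) as fh:  # stand-in for a shadow file
        path = fh.name
    try:
        os.chmod(path, 0o644)
        loose = world_readable(path)
        os.chmod(path, 0o600)
        tight = world_readable(path)
    finally:
        os.unlink(path)
    return findings, loose, tight

if __name__ == "__main__":
    print(demo())
```

On a real system, pass the contents of /etc/passwd to `audit_passwd` and the path of the shadow file to `world_readable`.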


