How secure is UNIX?

Jonathan I. Kamens jik at athena.mit.edu
Fri Jun 1 16:38:00 AEST 1990 

In article <11513 at vpk1.UUCP>, ram at attcan.UUCP (Richard Meesters) writes:
|> The point is, however valid.  If you are going to use a .netrc, why
cant it be
|> more like the passwd system.  This merely means that the ftp program must
|> provide the facilities for encryption/decription of the password,
rather than
|> leaving it up to the user to do so himself.  

  First of all, the ftp protocol doesn't say, "Two machines talking to
each other using the protocol must both be Unix machines that use a
standard crypt() function for password verification."  What it says is
that there is a protocol command to send a password from the client to
the server, and that server may use the password for verification in
whatever way it chooses.

  Therefore, the ftp program can't "provide the facilities for
encryption/decription [sic] of the password", because it has no idea
what type of encryption the server at the other end is going to be expecting.

  Second, if the client is supposed to do password encryption, then
what's to stop me from logging into your machine, grabbing your
encrypted password string from the /etc/passwd file, then ftp'ing back
to the same machine with a hacked ftp client which sends that encrypted
string as the password?  The ftp server says, "Gee, look, you've sent me
the correct encrypted password!" and goes right ahead believing that I'm you.

  The security of the ftp password (well, at least, in the case of ftp
servers on Unix machines) works the same way as the security for a
normal Unix log-in password -- you give it a plaintext password, it
encrypts it, and if the encrypted string matches the string in the
passwd file, it assumes that you are who you say you are, since you've
provided a string that encrypts correctly.  Providing an already
encrypted string proves nothing.

  If I've misunderstood what you're suggesting, then please forgive me,
and please explain more clearly what you're suggesting.  If not, I think
you've got to think through a bit more clearly exactly how ftp
authentication, and Unix password authentication in general, works.

Jonathan Kamens			              USnail:
MIT Project Athena				11 Ashford Terrace
jik at Athena.MIT.EDU				Allston, MA  02134
Office: 617-253-8495			      Home: 617-782-0710

(Isn't it about time somebody wrote a Kerberized ftp client/server? :-)

More information about the Comp.unix.questions mailing list