How secure is UNIX?

Richard Meesters ram at attcan.UUCP
Sat Jun 2 01:19:32 AEST 1990 

In article <1990Jun1.063800.17539 at athena.mit.edu>, jik at athena.mit.edu (Jonathan I. Kamens) writes:
> In article <11513 at vpk1.UUCP>, ram at attcan.UUCP (Richard Meesters) writes:
rm |> The point is, however valid.  If you are going to use a .netrc, why
rm cant it be
rm |> more like the passwd system.  This merely means that the ftp program must
rm |> provide the facilities for encryption/decription of the password,
rm rather than
rm |> leaving it up to the user to do so himself.  
> 
>   First of all, the ftp protocol doesn't say, "Two machines talking to
> each other using the protocol must both be Unix machines that use a
> standard crypt() function for password verification."  What it says is
> that there is a protocol command to send a password from the client to
> the server, and that server may use the password for verification in
> whatever way it chooses.

I'm not suggesting that we necessarily use the crypt() function call ala UNIX
to provide the data encryption.  What I'm suggesting is that perhaps the ftp
code should include some form of encryption/decryption algorithm to protect
the password information.  IMHO, any plain-text password stored on a system 
is a security risk, no matter how well it is protected.
> 
>   Second, if the client is supposed to do password encryption, then
> what's to stop me from logging into your machine, grabbing your
> encrypted password string from the /etc/passwd file, then ftp'ing back
> to the same machine with a hacked ftp client which sends that encrypted
> string as the password?  The ftp server says, "Gee, look, you've sent me
> the correct encrypted password!" and goes right ahead believing that I'm you.

Again, see above.  It doesn't have to be the same encryption algorithm that 
is used for /etc/passwd (or use the same key?).  So the password in 
/etc/passwd does not necessarily have any bearing on the passwd in .netrc.
The danger of a plain-text passwd in a file is that someone only has to SEE 
it, rather than necessarily decrypt it to be able to use it.

> 
>   If I've misunderstood what you're suggesting, then please forgive me,
> and please explain more clearly what you're suggesting.  If not, I think
> you've got to think through a bit more clearly exactly how ftp
> authentication, and Unix password authentication in general, works.
> 

Like I said in my previous posting, I'm by no means an expert on the topic, but
rather just kicking around ideas.  I appreciate your input.

Regards,

------------------------------------------------------------------------------
     Richard A Meesters                |
     Technical Support Specialist      |     Insert std.logo here
     AT&T Canada                       |
                                       |     "Waste is a terrible thing
     ATTMAIL: ....attmail!rmeesters    |      to mind...clean up your act"
     UUCP:  ...att!attcan!ram          |
------------------------------------------------------------------------------

More information about the Comp.unix.questions mailing list