Re: Logging attempted passwords

From: pleriche (pleriche_at_xalt.co.uk)
Date: 10/25/04

    Date: Mon, 25 Oct 2004 13:21:53 +0100
    To: <secureshell@securityfocus.com>
    
    

    True up to a point, that if someone has compromised your logs then your login account isn't safe. But mainly because of privilege escalation threats. It's more than possible that the permissions on your logs might not be quite tight enough, whereupon if someone has hacked *any* unprivileged account (and there's sure to be one with a weak password) he has the possibility of hacking other, possibly more privileged accounts if hints to their passwords can be found in a log. Even if perms on logs are ok, you might still end up with passwords in an editor temporary file in /tmp. The only safe policy is to ensure passwords are *never* stored or displayed in the clear.

    If the burglar gets in the front door, you don't just wring your hands and say "OK, here's the keys to my safe", you make sure you put barriers in his way at every point you can.

    There is a place for using password crackers (with full, signed permission from management) for checking for weak passwords, but any other reason for logging passwords (short of a full-blown forensic investigation) would need a pretty convincing justification.

    - Philip

    >>> Suppose your password is 'Open*SSH-3.9' (without the quotes). But
    >>> that's pretty hard to type on some keyboards with hyperactive Shift
    >>> keys, so maybe you fail by accidentally typing 'OPen*SSH-3.9', and
    >>> that gets logged. Now, someone gets hold of your logs (by whatever
    >>> means). Do you think your password is "safe" any more?
    >
    >
    >No, but even if my password is not logged in some log, I would think
    >my password was not safe if I knew that someone had gotten a hold of
    >the logs... If the system is compromised, then all bets are off.
    >It's that simple. Under such circumstances, you'd better change your
    >password, regardless (and re-install the OS from known-clean media,
    >and apply all updates before re-connecting it to the network, and)...
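
The following is an added example, not part of the original message: a Python audit for the point about log permissions, listing files under a log directory that accounts other than the owner can read or write, and taking directory search permission into account. The default path /var/log and the trusted_gids allow-list are assumptions.

```python
import os
import stat
import sys

def exposed_logs(log_dir, trusted_gids=frozenset({0})):
    """Map each regular file under log_dir to the reasons an account other
    than its owner could read or alter it. trusted_gids is an assumed
    allow-list of group ids that are permitted to read logs."""
    findings = {}
    # "Other" users can only reach a file if every directory on the way down
    # grants them search (x) permission. Ancestors above log_dir are not checked.
    reach = {log_dir: bool(os.stat(log_dir).st_mode & stat.S_IXOTH)}
    for root, dirs, files in os.walk(log_dir):
        for d in dirs:
            sub = os.path.join(root, d)
            try:
                mode = os.lstat(sub).st_mode
            except OSError:
                mode = 0
            reach[sub] = reach.get(root, False) and bool(mode & stat.S_IXOTH)
        for name in files:
            path = os.path.join(root, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            reasons = []
            if reach.get(root, False):
                if st.st_mode & stat.S_IROTH:
                    reasons.append("world-readable")
                if st.st_mode & stat.S_IWOTH:
                    reasons.append("world-writable")
            # Group access is reported regardless of directory bits (conservative).
            if st.st_mode & stat.S_IRGRP and st.st_gid not in trusted_gids:
                reasons.append("readable by gid %d" % st.st_gid)
            if reasons:
                findings[path] = reasons
    return findings

if __name__ == "__main__":
    top = sys.argv[1] if len(sys.argv) > 1 else "/var/log"
    for path, reasons in sorted(exposed_logs(top).items()):
        print(path + ": " + ", ".join(reasons))
```
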

