Re: etc/passwd file
From: Nick Maclaren (nmm1@cus.cam.ac.uk) Date: 10/29/02
From: nmm1@cus.cam.ac.uk (Nick Maclaren) Date: 29 Oct 2002 14:22:59 GMT
In article <apm3og$ial$1@aquila.mdx.ac.uk>,
david20@alpha1.mdx.ac.uk (David Webb) writes:
|> In article <apjt6r$1ne$1@nntp.itservices.ubc.ca>, unruh@string.physics.ubc.ca (Bill Unruh) writes:
|> >
|> >]>why is the /etc/passwd file not hidden
|> >]>to make the system more secure?
|> >
|> >]/etc/passwd is world readable because when they developed Unix no one
|> >]thought about the security implications of anyone being able to read
|> >]the encrypted passwords. It really was another world when Unix was being
|> >]developed.
|> >
|> >Untrue. It was made open to ensure that the system designers designed
|> >the password storage system so that even if the password database was
|> >known to all, it would still be secure. Password hiding is not a very
|> >effective form of security.
|>
|> What the hell does that mean ?
|> Making the passwd database world readable meant anyone could take a copy of the
|> encrypted passwords and crack them at their leisure. As far as I am aware there
|> were no facilities forcing users to choose strong passwords or making them
|> change the passwords at short intervals. Basically this password system wasn't
|> designed with a great deal of thought about password cracking.
|> The systems were much slower hence it would take longer to crack the passwords
|> but that is no excuse for bad design.

You are wrong and Bill Unruh is right. Unix took its approach to
password files from the Titan operating system that was in use here
in the 1960s, though I am not quite certain that the technique was
invented at Cambridge. Back in those days, and for 20 years
thereafter, the technique of one-way encryption was adequately
secure.

What has changed in the 30+ years since Unix took that technique
on board is that most hackers now have access to enough power to
search the whole of the key space that is likely to be used for
passwords. This is a CHANGE in the constraints, and not an
indication that the original designers were not aware of the
problem.

They knew about the consequences of the widespread availability of
such computing power, and knew that it wouldn't be serious for a
decade and more. They assumed that development in that area would
continue, and that the mechanism would be replaced by - oh, say,
1985 at the latest. That was back in the very early 1970s.

Regards,
Nick Maclaren,
University of Cambridge Computing Service,
New Museums Site, Pembroke Street, Cambridge CB2 3QH, England.
Email: nmm1@cam.ac.uk
Tel.: +44 1223 334761 Fax: +44 1223 334679