I suggested having an encoded (encrypted) password in the server-side password file. John Franks said:

> This is a good idea, but it is important to understand that it doesn't
> really protect you the way you might think. It is still necessary to
> protect the password file from being read by any untrusted user. If
> an untrusted user gets the encoded password f(passwd) he can create
> MD5(nonce f(passwd)) and access everything the user with passwd is
> entitled to. The reason it is a good idea is that people foolishly
> tend to use the same password on many systems so the sysadmin on the
> SimpleMD5 system might read the password and guess that the user has
> that password on a different system.

I certainly agree, and I don't want to imply that I believe this is bullet-proof security. The point, though, is that if I grabbed a password from the server-side file, I could masquerade as a user by simply entering that user's password to my favorite browser. If the password is encoded, I have to go to some more trouble to spoof the user, because I can't simply supply the encoded value to the browser.

Dave Kristol

Received on Wednesday, 1 February 1995 14:52:51 EST
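The exchange above can be played out in code. The following is an added illustration, not code from the thread or from any SimpleMD5 implementation; it assumes that the encoding f() is a plain MD5 hex digest, that the response MD5(nonce f(passwd)) means MD5 over the byte concatenation nonce || f(passwd), and that a stock browser always applies f() to whatever the user types before forming the response. Under those assumptions it shows both points at once: Franks's, that anyone holding f(passwd) can build a valid response with their own client, and Kristol's, that pasting the stolen encoded value into a stock browser does not work.

```python
import hashlib
import secrets


def f(passwd: str) -> str:
    """Assumed encoding f(): the server stores f(passwd) rather than passwd.
    The thread never says what f is; plain MD5 hex is used here for illustration."""
    return hashlib.md5(passwd.encode("utf-8")).hexdigest()


def md5_response(nonce: str, credential: str) -> str:
    """The MD5(nonce f(passwd)) response from the thread, read here as
    MD5(nonce || credential). The concatenation order is an assumption."""
    return hashlib.md5((nonce + credential).encode("utf-8")).hexdigest()


def stock_browser(nonce: str, typed: str) -> str:
    """A stock client encodes whatever the user typed, then hashes with the nonce,
    so it always sends MD5(nonce || f(typed))."""
    return md5_response(nonce, f(typed))


def custom_client(nonce: str, stolen_encoded: str) -> str:
    """An attacker's own client skips f() and hashes the stolen f(passwd) directly."""
    return md5_response(nonce, stolen_encoded)


def server_verify(nonce: str, stored_encoded: str, response: str) -> bool:
    """The server recomputes MD5(nonce || f(passwd)) from the stored f(passwd)
    and compares in constant time."""
    expected = md5_response(nonce, stored_encoded)
    return secrets.compare_digest(expected, response)


def demo(passwd: str = "hunter2", nonce: str = "") -> dict:
    """Run the three cases discussed in the thread against one challenge nonce
    and report which responses the server accepts."""
    nonce = nonce or secrets.token_hex(8)   # constructed per-challenge nonce
    stored = f(passwd)                      # what the server-side file holds
    return {
        # Legitimate user types passwd into a stock browser.
        "legit_user": server_verify(nonce, stored, stock_browser(nonce, passwd)),
        # Franks: an attacker who read f(passwd) builds MD5(nonce f(passwd)) himself.
        "attacker_custom_client": server_verify(nonce, stored, custom_client(nonce, stored)),
        # Kristol: the attacker pastes the stolen encoded value into a stock browser,
        # which applies f() again and therefore sends MD5(nonce || f(f(passwd))).
        "attacker_stock_browser": server_verify(nonce, stored, stock_browser(nonce, stored)),
    }


if __name__ == "__main__":
    print(demo())
```

Whatever f is chosen, the value the server compares against is the one it stores, so for this protocol f(passwd) is equivalent to the password for anyone with a client of their own; the encoding only raises the bar against someone limited to an off-the-shelf browser, and against reuse of the cleartext password elsewhere, which is exactly the distinction the two messages draw.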
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:13 EDT