- From: Dave Kristol <dmk@allegra.att.com>
- Date: Wed, 1 Feb 95 17:31:47 EST
- To: john@math.nwu.edu
- Cc: www-security@ns2.rutgers.edu, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, eric@allegra.att.com, jeff@spyglass.com
I suggested having an encoded (encrypted) password in the server-side password file. John Franks said:

> This is a good idea, but it is important to understand that it doesn't
> really protect you the way you might think. It is still necessary to
> protect the password file from being read by any untrusted user. If
> an untrusted user gets the encoded password f(passwd) he can create
> MD5(nonce f(passwd)) and access everything the user with passwd is
> entitled to. The reason it is a good idea is that people foolishly
> tend to use the same password on many systems so the sysadmin on the
> SimpleMD5 system might read the password and guess that the user has
> that password on a different system.

I certainly agree, and I don't want to imply that I believe this is bullet-proof security. The point, though, is that if I grabbed a password from the server-side file, I could masquerade as a user by simply entering that user's password to my favorite browser. If the password is encoded, I have to go to some more trouble to spoof the user, because I can't simply supply the encoded value to the browser.

Dave Kristol
Received on Wednesday, 1 February 1995 14:52:51 UTC
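The two points in the exchange above (a stored f(passwd) is still password-equivalent to the verifier, yet it cannot simply be typed into a browser) can be made concrete with a small model of the challenge/response. This is an added example, not code from the message or from the SimpleMD5 proposal; the message does not define f, so it is assumed here to be MD5 of the password as a hex string, and "MD5(nonce f(passwd))" is assumed to mean MD5 over the plain concatenation of the two hex strings. The password file, user name and nonce are constructed sample values.

```python
"""Model of a SimpleMD5-style challenge/response with an encoded server-side password.

Assumptions (not stated in the message): f(passwd) = MD5(passwd) as hex, and the
response is MD5(nonce || f(passwd)) over the hex strings.
"""
import hashlib
import hmac


def f(passwd: str) -> str:
    """Hypothetical server-side encoding of the password (assumed to be MD5)."""
    return hashlib.md5(passwd.encode()).hexdigest()


def response(nonce: str, encoded: str) -> str:
    """MD5(nonce f(passwd)) from the message; plain concatenation is assumed."""
    return hashlib.md5((nonce + encoded).encode()).hexdigest()


def browser_response(nonce: str, typed_password: str) -> str:
    """What a browser sends when a user types a password: it applies f first."""
    return response(nonce, f(typed_password))


def server_verify(password_file: dict, user: str, nonce: str, resp: str) -> bool:
    """The server stores only f(passwd) per user and recomputes the expected response."""
    encoded = password_file.get(user)
    if encoded is None:
        return False
    # Constant-time comparison so the check itself leaks nothing about the expected value.
    return hmac.compare_digest(response(nonce, encoded), resp)


# Constructed sample password file: the plaintext is never stored server-side.
PASSWORD_FILE = {"alice": f("correct horse")}
NONCE = "5f3a9c"  # constructed; a real server issues a fresh random nonce per challenge


def legitimate_login() -> bool:
    """A user typing the real password into a browser is accepted."""
    return server_verify(PASSWORD_FILE, "alice", NONCE,
                         browser_response(NONCE, "correct horse"))


def stored_value_typed_into_browser() -> bool:
    """Dave's point: pasting f(passwd) into a browser yields MD5(nonce f(f(passwd))),
    which the server rejects, so the leaked encoding is not usable that way."""
    return server_verify(PASSWORD_FILE, "alice", NONCE,
                         browser_response(NONCE, PASSWORD_FILE["alice"]))


def stored_value_is_password_equivalent() -> bool:
    """John's point: a client computing MD5(nonce f(passwd)) directly from the stored
    encoding produces exactly what the server expects, so the password file must be
    protected as tightly as a plaintext one."""
    return server_verify(PASSWORD_FILE, "alice", NONCE,
                         response(NONCE, PASSWORD_FILE["alice"]))


if __name__ == "__main__":
    print("legitimate login accepted:", legitimate_login())
    print("stored value typed into browser accepted:", stored_value_typed_into_browser())
    print("stored value used directly accepted:", stored_value_is_password_equivalent())
```

The last two functions are the whole argument in miniature: the encoding raises the bar for someone who only knows how to use a browser, and it keeps the raw password (which users reuse elsewhere) out of the file, but the verifier cannot tell a client that knows passwd from one that knows only f(passwd), so read access to the file still has to be restricted.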