[51414] in Cypherpunks
Remailer Security
daemon@ATHENA.MIT.EDU (Jonathan Rochkind)
Mon Mar 4 23:28:07 1996
Date: Mon, 4 Mar 1996 23:06:15 -0500
To: cypherpunks@toad.com (Cypherpunks Mailing List)
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)

At 11:06 PM 03/04/96, lmccarth@cs.umass.edu wrote:
>Bottom line: if you can crack (say) the 8-character Unix passphrase for a
>remailer account, you have full access to the remailer's secrets and all the
>opportunities that presents. Good remailer account passphrases are
>important.

Um, there's no reason why your remailer's account needs to be logged into
interactively, is there? Seems like remailer ops should disable login to
remailer accounts, putting '*' into the password field in /etc/passwd, or
however Unix lets you disable login (I know it does).

Obviously, the general security risk of someone gaining unauthorized access
to the remailer executable or data files is still there, and important to
keep in mind. But this would seem to be a fairly logical security measure.
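
A check for the measure suggested above, as an added example that is not part of the original message: it reads passwd-format lines and reports whether a named account's password field still permits password login. The account names and sample entries are constructed, and treating a leading '!' as locked and a lone 'x' as "field moved to a shadow file" are assumed conventions the message does not mention.

```shell
#!/bin/sh
# Added example: audit the password field (2nd colon-separated field)
# of passwd-format entries. All sample data below is constructed.

# classify_field FIELD -> prints empty | shadowed | locked | password
classify_field() {
    case "$1" in
        '')        echo empty ;;     # no password needed at all on many systems
        x)         echo shadowed ;;  # assumed: real field is in a shadow file
        '*'*|'!'*) echo locked ;;    # no hash can match: password login disabled
        *)         echo password ;;  # a hash is present: guessing attacks apply
    esac
}

# audit_account ACCOUNT < passwd-format input
# Prints the classification (or "missing"); returns 0 only when locked.
audit_account() {
    account=$1
    status=missing
    while IFS=: read -r name pw rest; do
        if [ "$name" = "$account" ]; then
            status=$(classify_field "$pw")
            break
        fi
    done
    echo "$status"
    [ "$status" = locked ]
}

# Constructed entries: "remailer" follows the advice above, "mixer" still
# carries a (made-up) 13-character hash, "guest" has an empty field.
sample_passwd() {
    cat <<'EOF'
root:Ab3kQz9LmPq1s:0:0:root:/root:/bin/sh
remailer:*:501:100:remailer service:/home/remailer:/bin/sh
mixer:Zx81TtYw0aBcD:502:100:second remailer:/home/mixer:/bin/sh
guest::503:100:guest:/home/guest:/bin/sh
EOF
}

# Report each constructed service account.
for a in remailer mixer guest; do
    printf '%s: %s\n' "$a" "$(sample_passwd | audit_account "$a")"
done
```

A "shadowed" result means the same check has to be run against the shadow file's second field, which classify_field handles unchanged.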