[1077] in linux-net channel archive


Re: Rewrite DIP-337n-inaky to handle script file encryption

daemon@ATHENA.MIT.EDU (Fran Taylor)
Sun Sep 10 05:14:43 1995

Date: Thu, 7 Sep 1995 12:00:53 -0700
From: narf@speakeasy.org (Fran Taylor)
To: linux-net@vger.rutgers.edu, linux-apps@vger.rutgers.edu
In-reply-to: <Pine.LNX.3.91.950906130456.660C-100000@goddard.shore.net>
	(scrain@goddard.shore.net)
Reply-to: narf@speakeasy.org

My two cents' worth on encrypting the ppp password:

In my opinion, keeping the world from reading the file with the
password is the best you can do. Someone would have to get root access
to see the password.  But if some hacker got in as root, he could
possibly (probably!) hack things so that he could see the password
going out the serial port.  I can think of several ways to pull it
off.  All the encryption effort is for naught if this happens. So why
bother? Remember the maxim from the Unix security gurus: you can't do
secure communications from a compromised machine.

Something to try is to put the ppp router on a dedicated machine
(old 386 machines are great for this), don't give out any shell
accounts on it, and disallow root logins from the dialup ports. If you
turn off ftpd, telnetd and rlogind so you have to log in from the
console, then your password is rather secure. It's a pain in the ass
to configure, but you'll get motivated to get it right so you never
have to touch it or worry about it again.
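
An added example, not part of the original message: a shell audit of the hardening steps the post lists (script file unreadable to other users, ftpd/telnetd/rlogind off, no root logins on dialup ports). The file locations are passed as arguments, and it assumes rlogind runs under the inetd service name `login` and that dialup ports appear as `ttyS*` in securetty; the sample files are constructed.

```shell
#!/bin/sh
# Added example: audit the hardening steps from the post on a dedicated PPP box.
# All paths are arguments; the sample files at the bottom are constructed.

# Succeeds if group or others have any permission bit on the file.
exposed_to_others() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" != "------" ]
}

# Prints ftp/telnet/login (rlogind) entries still active in an inetd.conf.
active_remote_logins() {
    awk '$1 ~ /^(ftp|telnet|login)$/ { print $1 }' "$1"
}

# Prints serial lines on which a securetty file still allows root logins.
# Assumption: dialup ports are named ttyS<N>.
root_serial_ttys() {
    awk '/^ttyS[0-9]+$/ { print }' "$1"
}

# Prints one finding per line; the return status is the number of findings.
audit_ppp_host() {
    findings=0
    if exposed_to_others "$1"; then
        echo "script file $1 is accessible to non-owners"; findings=$((findings + 1))
    fi
    for svc in $(active_remote_logins "$2"); do
        echo "inetd service still enabled: $svc"; findings=$((findings + 1))
    done
    for tty in $(root_serial_ttys "$3"); do
        echo "root login allowed on dialup port: $tty"; findings=$((findings + 1))
    done
    return "$findings"
}

# Constructed sample host with one weak setting of each kind.
demo=$(mktemp -d)
printf 'send mypassword\n' > "$demo/ppp.dip"; chmod 644 "$demo/ppp.dip"
printf '%s\n' '#ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd' \
    'telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd' \
    'login stream tcp nowait root /usr/sbin/tcpd in.rlogind' > "$demo/inetd.conf"
printf 'tty1\ntty2\nttyS0\n' > "$demo/securetty"
audit_ppp_host "$demo/ppp.dip" "$demo/inetd.conf" "$demo/securetty" || echo "findings: $?"
```

A commented-out inetd line counts as disabled only after inetd has re-read its configuration.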

