[1051] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Saving Passwords in Binaries

daemon@ATHENA.MIT.EDU (Todd W Burgess)
Thu Aug 22 07:16:55 1996

Date: Wed, 21 Aug 1996 11:51:50 -0400 (EDT)
From: Todd W Burgess <tburgess@uoguelph.ca>
To: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <01BB8E66.14FAA6C0@jabpc.jabsoft.com>

     I have been working on a program which will check for new mail on an 
IMAP server and have encountered an interesting problem. My program is 
written in C and runs (currently) under Linux and HPUX. It initiates an 
IMAP session by connecting to port 143 on the IMAP server. 
     The problem is this: In order to start an IMAP session the IMAP 
server needs a username and a password (both must be in plain-text). A 
typical IMAP login string would look like "? login username password\n".
     In order to get the username and password I have come up with two 
solutions:
	Solution 1: Involves calling getuid(2) to get the user ID and then
	calling getpwuid(3) to get the encrypted password. I then query the
	user for the password, crypt(3) the user supplied password, compare
	the encrypted user supplied password with the one from 
	getpwuid(3) and if they match then I know I have the right password.
	The program then will login to the IMAP server.
	Solution 2: Have the user edit a .h file. The user edits two defines
	one define is the IMAP username and the other is the password. 
	The user then compiles the program, verifys that it works and 
	deletes the .h file they edited. 

    Problem with solution 2 is that if either the user has group or world 
read permissions set on the binary then it is posssible for an 
unauthorized individual to find out the user's password simply by doing a 
"strings <binaryname>" (because the user enters them into the .h file in 
plaintext form they get saved in the binary in plaintext).
    Solution 1 does not have the above security flaw. The only problem is 
that everytime you run it, you have to type in your password. The 
advantage to Solution 1 is the user does not have to compile the program 
to get it to work.

    So what it comes down to is this: I would be interested in hearing 
about ways I could store the password in the binary in an encrypted form. 
The criteria for the encryption algorithm is this: it can not violate any 
international laws, whatever gets encrypted must also be decrypted (ie no 
"one-way" encryption algorithms) and the algorithm makes it impractical 
to easily crack the password.

    I have very little experience in implementing encyption algorithms so 
I would be interested in hearing from people who have. The biggest 
encyption project I ever did was write a rot13 algorithm in 68000 
assembly on a final exam. 
    If anybody is interested in what I have done so far, e-mail me and I 
will send you the code. 

[REW: Cryptographically: if your program can decode the password, so
can someone else. The easiest way would be to just run the program and
use strace to find the "write username,password to the server".

If you correctly emphasize that your encryption is "for authentification
purposes only" you won't have export problems.

I'd allow the user to put the IMAP loginname and password in a file.
Your program should test that the file is not world readable. If you
can't find that file, ask the user (i.e. fall back on your "solution
1"). The information in this file could be encrypted just as in your 
"solution 2".]


University of Guelph, Computer Science Major   E-mail: tburgess@uoguelph.ca
URL: http://eddie.cis.uoguelph.ca/~tburgess

home help back first fref pref prev next nref lref last post