[10219] in bugtraq
Plain text passwords--necessary
daemon@ATHENA.MIT.EDU (Joel Maslak)
Thu Apr 15 13:24:16 1999
Date: Wed, 14 Apr 1999 12:34:37 -0600
Reply-To: jmaslak@wind-river.com
From: Joel Maslak <bugtraq@WIND-RIVER.COM>
To: BUGTRAQ@NETSPACE.ORG
Please send replies either to the list or to jmaslak@wind-river.com.
The "bugtraq@wind-river.com" is simply a list reflector into my systems.

I've been reading this list for a long time. Every month or so,
someone notices a "plain text password," criticizes the security of the
product at hand, and explains how nothing should be plain-text.

However, I did think we were trying to avoid security by obscurity. Any
system which needs to know the password (not just a hash of it or some
such), to do things like log into another server, has to know the real
password. Simply knowing the hash won't work, obviously.

But, what does the (in)security community want systems to do? Do some
sort of "encryption" of the password. But, wait a minute... The key to
decrypt has to be in the program somewhere, doesn't it? Otherwise, how
would the program be able to find the original password (I'm NOT talking
about Unix style hashes -- Unix doesn't log into other computers as
certain users, with the possible exception of UUCP which stores the
password in plain-text). If the program's code can decrypt the
password, all we are relying on is security through obscurity -- the
fact that a user doesn't "know" the decryption algorithm.

I would much rather, as an admin, know exactly where and how a password
is stored! Wouldn't you? But, with this security through obscurity, it
just makes it harder for us to figure that out, and the "encryption"
adds a false sense of security on top of it!

Please, people, let's think through what we are making vendors do.
Let's go for real security, not a nice, warm feeling!
Joel Maslak
System Programmer
Wind River Visual Communication
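The argument in the post above, as an added example that is not part of the original message or of any product it mentions: a credential "encrypted" with a key that ships inside the program is recoverable by anyone who holds the program, so it is equivalent to plaintext; what an admin can actually verify is where the plaintext lives and who can read it. The embedded key, the XOR scheme, the function names and the file-permission check are all constructed for this illustration (the permission check is one concrete form of "knowing exactly where and how a password is stored", not something the post prescribes).

```python
import os
import stat
import tempfile
from itertools import cycle

# Constructed key, standing in for one a program embeds in its own code.
EMBEDDED_KEY = b"demo-key-inside-the-program"


def obfuscate(password: str) -> bytes:
    """'Encrypt' a password with a key that ships inside the program.
    Anyone who can read the program can read the key, so this hides nothing."""
    return bytes(p ^ k for p, k in zip(password.encode(), cycle(EMBEDDED_KEY)))


def deobfuscate(blob: bytes) -> str:
    """XOR is its own inverse; the program's own decrypt routine is the attacker's."""
    return bytes(b ^ k for b, k in zip(blob, cycle(EMBEDDED_KEY))).decode()


def recoverable_by_anyone_with_the_program(password: str) -> bool:
    """The post's point: if the program can decrypt, so can whoever holds it."""
    return deobfuscate(obfuscate(password)) == password


def credential_file_is_private(path: str) -> bool:
    """What an admin can verify for a plaintext credential file:
    no group or other permission bits are set (owner-only access)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def write_private_credential(path: str, password: str) -> None:
    """Create the file with mode 0600 from the start, not chmod'ed afterwards."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(password + "\n")


def demo_permission_check() -> tuple[bool, bool]:
    """Write a constructed credential privately, check it, then loosen it
    the way a misconfiguration would, and check again."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "service.cred")
        write_private_credential(path, "s3cret-demo")
        private_before = credential_file_is_private(path)
        os.chmod(path, 0o644)  # world-readable: the case the admin wants to catch
        return private_before, credential_file_is_private(path)


if __name__ == "__main__":
    print("recoverable:", recoverable_by_anyone_with_the_program("s3cret-demo"))
    print("private before/after chmod 644:", demo_permission_check())
```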