[577] in Kerberos


password checking

daemon@TELECOM.MIT.EDU (Mark Lillibridge)
Mon Jan 9 11:49:27 1989

From: Mark Lillibridge <chariot@ATHENA.MIT.EDU>
To: smb@RESEARCH.ATT.COM
Cc: Saltzer@ATHENA.MIT.EDU, jis@ATHENA.MIT.EDU, kit@ATHENA.MIT.EDU,
In-Reply-To: smb@research.att.com's message of Sun, 08 Jan 89 21:58:48 EST <8901090258.AA11452@hector.homer.nj.att.com>
Reply-To: chariot@ATHENA.MIT.EDU


>   From: smb@research.att.com
>   Date: Sun, 08 Jan 89 21:58:48 EST

>   Not quite correct.  A major purpose of shadow password files is to
>   prevent ``fishing'' -- trying to find a single weak password.  Stealing
>   a single login session lets you attack one password; it doesn't tell
>   you if there's a maintenance account with no password, or some such.

	Well, at Athena at least, this is not too much of an issue.  If
I remember the figures right, according to a recent study (if you want
detailed figures you'll have to ask Jeff Schiller), 50% of all Athena
users log in during a two-week period.  (This figure is pretty rough but
gives the right idea.)  Hence, if the attacker collects all login sessions
for two weeks he has half the "password file".  If there are any weak
passwords, he has a 50% chance of finding them.  For this reason, I
don't think the security added would be worth the cost.  (I estimate 2
extra packets to log in.)  If people expect to have a lot of unused
accounts floating around with very easy passwords, perhaps it's worth the
cost.  Comments?

							- Mark
