
Re: pwdb breakage



Good grief, I'm posting a lot.  Sorry for all the verbiage...

Kirk Bauer writes:
>I would suggest adding something to the actual installation program that
>says "Would you like to enable Shadow Passwords?  This will greatly
>enhance the security of your system.  If you are not sure, answer Yes."
>And maybe even "Most Unix systems only have 8-character passwords.  Red
>Hat Linux gives you the choice to use more than 8 characters for your
>passwords.  This will also enhance system security.  Would you like to
>enable this?"

The amount of system security that you gain by using shadow passwords
over using cracklib is minimal unless you have active crackers already
on your system (and even then it isn't anything special).  The amount
of added security you get from properly salted MD5 passwords is significant
if and only if you have cracklib testing the quality of your passwords.

If it weren't for the importance of interoperability, MD5 passwords would
be the default.

We don't ignore security -- as anyone who follows redhat-announce-list
knows -- but we do evaluate things that are purported to enhance
security with a critical eye, and attempt to weight their real benefit.
"4X security" is meaningless.

>Quick question about MD5 -- I know what an MD5 checksum is... but
>I'm not exactly sure what MD5 would do for passwords.  I think the
>above is correct, but I'm not sure.

It gives you long passwords and makes them much more time-consuming
to crack even if they are visible, as long as they are good passwords.

>Can somebody point me to information on this or explain it to me.
>I know the standard 'crypt' command uses a 2-char salt and then an
>8-char password.  Then I've heard of references to big_crypt and
>md5.

big_crypt is less secure than crypt because of duplicated information --
using two crypt blocks with the same salt cuts the cracking time to
the square root (or was it less?  I don't know the math to figure it
out from scratch...) of what it would take to crack a standard crypt
password.  Doh!  That's why only people with good math backgrounds
ought to be designing crypto-based security...

>Is there any currently reliable way (in RHL4.2) to have bigger than
>8 character passwords?  I know in my /etc/shadow:
>
>root:XXXXXXXXXXXXX:10009:-1:-1:-1:-1:-1:0
>kirk:XXXXXXXXXXXXX:9991:-1:-1:-1:-1:-1:0
>tim:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:9970:-1:-1:-1:-1:-1:-1073743160
     $  $

That indicates an md5 password.  The $'s give it away.

>It looks like the user 'tim' has more significant digits for his
>password than either 'root' or 'kirk'.  Those last 2 are my accounts...
>but how come when I change my password I get only the standard passwords?

Add the md5 option to the last line of /etc/pam.d/passwd.

>Then again, I've played w/ many versions of PAM... maybe one of the
>versions I had installed at one time did this...

Likely one of Cristian's packages did this by default.  Not a bad
idea in general, and we'd do it if it were standard.

In any case, allowing md5 passwords was one of the main reasons
that Red Hat has supported PAM development -- it is more important,
in at least some of our opinions, than shadow passwords.

michaelkjohnson

"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz
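Added illustration (not code from the post, Red Hat or PAM): a small parser that reads /etc/shadow-style lines and tells a traditional 13-character DES crypt field (2-char salt) from the `$1$salt$digest` MD5 format that tim's entry shows. The sample entries and hash values are constructed placeholders, not real credentials.

```python
"""Classify the password hash scheme used in /etc/shadow entries."""
from dataclasses import dataclass
from typing import Optional

# Constructed sample /etc/shadow lines laid out like the ones in the post;
# the hash fields are placeholders, not hashes of any real password.
SAMPLE_SHADOW = """\
root:abJnggxhB/yWI:10009:-1:-1:-1:-1:-1:0
kirk:cdQ8H1HuAx5Zs:9991:-1:-1:-1:-1:-1:0
tim:$1$saltsalt$qJH7.N4xYta3aEG/dfqo/0:9970:-1:-1:-1:-1:-1:0
locked:!:9970:0:99999:7:::
"""


@dataclass
class ShadowEntry:
    user: str
    scheme: str            # "des-crypt", "md5-crypt", "locked" or "unknown"
    salt: Optional[str]
    digest: Optional[str]


def classify_hash(field: str) -> tuple[str, Optional[str], Optional[str]]:
    """Return (scheme, salt, digest) for one shadow password field."""
    if field in ("", "!", "!!", "*"):
        return "locked", None, None          # no usable hash at all
    if field.startswith("$1$"):
        # Modular crypt format: $1$<salt, up to 8 chars>$<22-char digest>
        parts = field.split("$")
        if len(parts) == 4 and 1 <= len(parts[2]) <= 8 and len(parts[3]) == 22:
            return "md5-crypt", parts[2], parts[3]
        return "unknown", None, None
    if len(field) == 13 and "$" not in field:
        # Traditional DES crypt: 2-char salt followed by an 11-char digest
        return "des-crypt", field[:2], field[2:]
    return "unknown", None, None


def parse_shadow(text: str) -> list[ShadowEntry]:
    """Parse shadow-format lines; only the user and password fields matter here."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        user, field = line.split(":", 2)[:2]
        scheme, salt, digest = classify_hash(field)
        entries.append(ShadowEntry(user, scheme, salt, digest))
    return entries


if __name__ == "__main__":
    for e in parse_shadow(SAMPLE_SHADOW):
        print(f"{e.user:8} {e.scheme:10} salt={e.salt}")
```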

