From owner-freebsd-hackers  Thu Jun 22 07:47:05 1995
Return-Path: hackers-owner
Received: (from majordom@localhost)
          by freefall.cdrom.com (8.6.10/8.6.6) id HAA10823
          for hackers-outgoing; Thu, 22 Jun 1995 07:47:05 -0700
Received: from beru.wustl.edu (beru.wustl.edu [128.252.157.65])
          by freefall.cdrom.com (8.6.10/8.6.6) with SMTP id HAA10817
          for <freebsd-hackers@freebsd.org>; Thu, 22 Jun 1995 07:47:02 -0700
Received: by beru.wustl.edu (4.1/ECL-A1.21)
	id AA08162; Thu, 22 Jun 95 09:45:55 CDT
Date: Thu, 22 Jun 95 09:45:55 CDT
Message-Id: <9506221445.AA08162@beru.wustl.edu>
From: Brian Gottlieb <brian@arl.wustl.edu>
To: freebsd-hackers@freebsd.org (FreeBSD hackers),
        joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
Subject: Re: PPP password security
In-Reply-To: <199506220615.IAA24196@uriah.heep.sax.de>
References: <199506212159.RAA22871@magic.winnet.net>
	<199506220615.IAA24196@uriah.heep.sax.de>
Sender: hackers-owner@freebsd.org
Precedence: bulk


J Wunsch <j@uriah.heep.sax.de> (J) writes:

J> As Piero Serini wrote:
>> 
>> > ...  If you cannot
>> > trust root, forget about Unix security.
>> 
>> So  if  I  crack root on a single machine of yours, do I also get
>> all the routers' passwords in your network, and  a  nice  set  of
>> .rhosts all around your machines?

J> You will certainly get all the passwords of machines where i need to
J> log in automatically.  You won't get any other password, of course,
J> since i've got the habit of neither writing passwords down anywhere
J> nor storing them anywhere in a computer. :-)

J> The original poster clarified meanwhile that he actually intented to
J> enter the encryption key manually each time (but hmm, why doesn't he
J> enter the password manually then eacht time? :), but anything you
J> wanna have done automatically suffers from the above problem.

Well, I suppose I should step in and let everyone know my current
idea.  To restate the problem for clarity, I was concerned about
leaving a login script in plain-text.  The script would be compromising
my password into my ISP's machine (since it uses it to log in).  My
solution to this was to manually enter the login script after running
the ppp program.  Ideally, I would only need to run it after a reboot,
so it would be a minor inconvenience.

But then there is the problem of the ppp.security file having a
plain-text password in it.  This was where I wanted to have it use a
stored encrypted password.  If it had that, then it could go a step
further and have the login script encrypted in the ppp.conf file and
have the key bey the plain-text password (that it would get when I
connected to it and authenticated the first time).But seeing as how
that still doesn't get away from any interaction on my part, it would
be just as easy to enter the script then, too.

So now I am thinking of adding a "set passwd" command to the program.
So the first time I run it (with -auto), then connect, I set the login
script, and set the password.  On subsequent connections, it will use
that password instead of going to the ppp.secret file.  To me, this is
more secure, since the password doesn't appear anywhere except in
memory, and I can change it on a whim.

For now, however, I have done as J"org suggested for convenience.

brian