From owner-freebsd-hackers  Sun Dec 15 15:06:25 1996
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id PAA12285
          for hackers-outgoing; Sun, 15 Dec 1996 15:06:25 -0800 (PST)
Received: from garrison.inetcan.net (dreamer@garrison.inetcan.net [206.186.215.2])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id PAA12252;
          Sun, 15 Dec 1996 15:06:13 -0800 (PST)
Received: (from dreamer@localhost) by garrison.inetcan.net (8.8.4/8.8.4) id RAA10623; Sun, 15 Dec 1996 17:10:04 -0700
Date: Sun, 15 Dec 1996 17:10:04 -0700 (MST)
From: Digital Dreamer <dreamer@garrison.inetcan.net>
To: Terry Lambert <terry@lambert.org>
cc: Bob Bishop <rb@gid.co.uk>, terry@lambert.org, proff@iq.org,
        security@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: vulnerability in new pw suite
In-Reply-To: <199612152039.NAA23837@phaeton.artisoft.com>
Message-ID: <Pine.LNX.3.91.961215170735.10575A-100000@garrison.inetcan.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 15 Dec 1996, Terry Lambert wrote:

> Heh.
> 
> Please define "unsafe" in the context of a functional (inaccessible for
> pre-salt-based attacks) shadow password system.
> 
> 8-) 8-).
> 
> I'm tired of having passwd not let me use whatever password I want,
> considering that with a shadow file, the user will have to brute-force
> it through /bin/login or equivalent.  It seems the harder it becomes to
> see my post-encryption password, the more anal the passwd command
> becomes about making post-encryption passwords "safe" from attacks
> which are impossible to institute unless root has been compromised.
> 
> Just my opinion about anal passwd programs...

The idea, from what I understand, is to act as if you don't have shadow 
passwords, and therefore not rely on them.  Security through obscurity 
and all that.

For example, let's say someone breaks root on your machine.  Ok, you're 
in a lot of trouble.  But let's attempt to minimize the damage by not 
giving them 6e12 accounts to log on as in the future when/if they're 
discovered by handing over the passwords for them on a silver plate.  It 
takes a lot longer to get all your users to change passwords than it 
takes to fix a backdoored /bin/login.

dreamer