[Reality] Security Concerns
Glyph Lefkowitz
glyph@twistedmatrix.com
Mon, 4 Oct 1999 17:37:49 -0400 (EDT)
On Mon, 4 Oct 1999, James Knight wrote:
> This is essentially the same as storing a plaintext password, except that
> the actual text isn't known. Anyone who can read the password out of the
> mapfile can then login using that user [just read crypt(password, XX) from
> the file, and then send crypt(read_password, YY) to the server]. Now, it
> may be that this is deemed an okay sacrifice, but lets just be clear about
> what security actually exists here. As in previous schemes that have been
> proposed, this adds protection over the wire, but removes it locally.
> -James
Thank you for the much-needed clarification, james. This cold is turning
my brain into tapioca.
Thinking about it a bit more closely, unless we actually encrypt the
communication, it doesn't seem like there's any way of making the password
secure both on the disk and on the wire ... certainly not a trivial one
like this.
I guess I'll just wait for IPSec :)