[nSLUG] US Homeland Security

Jeff Warnica jeffw at chebucto.ns.ca
Wed Aug 18 19:55:11 ADT 2004


On Wed, 2004-18-08 at 17:29 -0300, Jason Kenney wrote:
> As far as passwords go you can already brute force them pretty easily I
> think... I think keeping the shadow file secure is more important than
> choosing a "tough" password (on servers on the web... in corporate
> environments, it might be the opposite...). If someone really wants in,
> that's the only way... If they have the shadow file already it's only a
> matter of time and money.

More important than strong passwords is strong password /exchange/. Or,
more generally, strong authentication, which means no clear text
password exchange at all. There are a number of possibilities: Kerberos,
x509 user certs for TLS, or one of the challenge/response methods such as
CRAM-MD5 or DIGEST-MD5 - preferably wrapped up in SASL for modularity.
While the best I can find is a short line from a presentation[1], the
IETF has gone on the record as saying they will no longer approve RFCs
that even _allow_ for plain-text password exchange (and "always use on
IPSEC" isn't good enough).

If someone has access to your shadow file, all is lost already. Unless
one's configuration is seriously wacked, the list of account(s) with
access to read shadow is strikingly similar to the list of accounts who
can write to it. Not to mention that that list is similar to the list of
accounts who can read - and write - any file on the system, completely
removing the necessity of attacking a particular password/account.

As for "tough" passwords, there is a direct relationship between the
required toughness of a password and the probability of a user writing it
down.

[1] http://jis.mit.edu/sectutorial/ "The Perfect World"
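The challenge/response exchange the post refers to, as an added example that is not part of the original message: a minimal CRAM-MD5 (RFC 2195) round trip in Python with both the server and client halves. The credential store, user and host name are constructed for the demo. It shows the two properties the post argues about: the password itself never crosses the wire, yet the server must hold a secret it can key an HMAC with, so protecting that store matters as much as the exchange. (CRAM-MD5 has since been largely superseded by SCRAM, RFC 5802, but the shape of the exchange is the same.)

```python
import base64
import hashlib
import hmac
import os
import time

# Constructed demo credential store. CRAM-MD5 verification needs the
# shared secret in a form usable as an HMAC key, not a one-way hash,
# which is why the store has to be protected like a shadow file.
SECRETS = {"alice": "correct horse battery staple"}


def make_challenge(host="mail.example.org"):
    # Server side: a fresh, unpredictable challenge for this session.
    # RFC 2195 uses a msg-id style string; the random nonce is what
    # defeats replay of an earlier response.
    nonce = base64.b64encode(os.urandom(16)).decode()
    return f"<{nonce}.{int(time.time())}@{host}>".encode()


def client_response(user, password, challenge):
    # Client side: HMAC-MD5 over the challenge, keyed with the password.
    # Only the username and the hex digest are sent back, base64 encoded.
    digest = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode())


def server_verify(challenge, response, secrets=SECRETS):
    # Server side: recompute the digest with the stored secret and compare
    # in constant time. Any malformed response or unknown user fails closed.
    try:
        user, digest = base64.b64decode(response).decode().split(" ", 1)
    except (ValueError, UnicodeDecodeError):
        return False
    password = secrets.get(user)
    if password is None:
        return False
    expected = hmac.new(password.encode(), challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def run_exchange(user, password):
    # Full round trip; returns what an observer on the wire would see
    # (challenge, response) plus the server's verdict.
    challenge = make_challenge()
    response = client_response(user, password, challenge)
    return challenge, response, server_verify(challenge, response)
```

Nothing in the returned `response` contains the password, but a stolen `SECRETS` entry lets an attacker answer any future challenge, which is exactly the shadow-file trade-off discussed above.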

