Newsgroups: sci.crypt
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: Unix Password Hacker
Message-ID: <1988Mar2.235819.18983@utzoo.uucp>
Organization: U of Toronto Zoology
References: <731@ddsw1.UUCP> <657@morningdew.BBN.COM>
Date: Wed, 2 Mar 88 23:58:19 GMT

> Suggestions like the one of read protecting the password file *and*
> encrypting it raise a red flag for me.  If the encryption scheme is good,
> then read protecting the passwords is unnecessary.  Similarly, if the
> read protection on the password file really works, then encrypting the
> passwords is a waste of time...

No, not quite.  The wording you are looking for is "If the encryption
scheme is PERFECT, then read protecting the passwords is unnecessary.
Similarly, if the read protection on the password file is PERFECT, then
encrypting the passwords is a waste of time."  This is true but irrelevant,
since perfection is not available.

> More generally, if there are two indepen-
> dent security checks on a system, and an intruder can subvert the first
> security check with effort E1 and the second security check with effort
> E1, then the total effort to crack the system is E1+E2.  This is less
> than 2*max(E1, E2), so very little is lost by abandoning one of the two
> security checks.

Only if E1 >> E2 or vice-versa.  If they are of the same order of magnitude,
then E1+E2 does approximate 2*max(E1, E2) and abandoning one of them does
reduce security significantly.

> ... A system in which an intruder
> must bypass 2 or 3 ineffective security mechanisms is not much harder
> to penetrate than a system with only one ineffective security mechan-
> ism...

True.  However, a system in which an intruder must bypass 2 or 3 effective
but not perfect security mechanisms *is* much harder to penetrate than a
system with only one such mechanism.  There is no such thing as perfect
security; no system is invulnerable, if only because the physical hardware
can't be.  The best we can do is to put as many obstacles in the intruder's
path as possible, in hopes that the effort needed to overcome them all will
discourage him enough to make him go somewhere else.  Feel free to rely on
single security mechanisms; that way the bad guys will attack you and not
me, which suits me fine!
-- 
Those who do not understand Unix are |  Henry Spencer @ U of Toronto Zoology
condemned to reinvent it, poorly.    | {allegra,ihnp4,decvax,utai}!utzoo!henry
