Re: Minimal Authorization

Stephen D Crocker (crocker@tis.com)
Sat, 13 Aug 94 13:57:33 -0400

> At 08:09 PM 8/12/94 -0400, Stephen D Crocker wrote:
> >At the risk of sounding too much like an alarmist and a security
> >zealot, passwords in the clear are no longer an acceptable risk. At
> >the very least, a challenge-response system is necessary.
>
> I fully expected this response and appreciate your input. "In the clear"
> is somewhat vague, though. For example, what if they were simply Base64
> (or uuencode, or rot13, or...) encoded ? Then they're not in the clear,
> but the "encryption" is keyless and therefore somewhat trivial.

No, these types of transformations provide no protection. The current
state of hacker technology includes widespread use of sniffers.
Passwords appearing in transit are now regularly recorded and
exploited. Extraction of these passwords from the stream of other
material requires enough sophistication to find the right fields,
determine if the packet contains the password, extract it if it
exists, and forward, perhaps via a circuitous and/or encrypted path,
back to the bad guy. Given this level of sophistication on the part
of the hacker, the longest part of adding uudecode or rot13 to the
sequence is the time it would take him to sneer.

> >One useful scheme is S/Key: it's free, easily avaiable and fits into
> >the existing paradigms.
>
> Could you provide a pointer ?

[Haller94] N. Haller, "The S/Key One-time Password System", Proceedings
of the Symposium on Network & Distributed Systems Security, Internet
Society, February 1994, San Diego, CA.

> >Much stronger schemes are also available, e.g. Kerberos, public key
> >systems, etc.
>
> These are overkill for many applications, hence my request. I'm looking
> more for the "window latch protection" - it won't keep a determined
> burgler out of your house, but it will keep the honest person honest.
>
> >This point has been identified as a critical issue in the security of
> >the Internet and highlighted in a recent Internet Architecture Board
> >workshop.
>
> I appreciate your input and will hopefully not perpetuate passwords in the
> clear (such as TELNET, FTP, etc). How does IETF propose to enhance these
> existing protocols ? Surely they won't jump from "clear" to DES and
> digital signatures ? Perhaps there is some common ground here ?

For protection like S/Key, protocols do not have to changed. Only the
end server end of a connection need be changed. The server simply has
to present the challenge, which it can usually do as part of the
prompt to the user. Instead of sending the same password each time a
connection is established, the password changes each time.

Future protocols will evolve to provide smoother support for this
level of authentication, but the capability exists now.

Steve