
Re: Hiding all copies of your PPP password



On Tue, 8 Dec 1998, Shachar Tal wrote:

> I was speaking about using the user's password, not the user name, as the
> key. But even so, you can use block ciphers.

OK. What you said was: login^password = ciphertext, and store ciphertext.
What I said was that this is not a good idea because a hacker who wants
to crack something belonging to someone will know his login and name
before that.

Anyway, it's like this:

- You have a system that PPP's to the internet.
- You PPP to an ISP.
- Someone cracks into your system THROUGH the PPP link.

Now, before anything else, he will probably do something with pppd. pppd
runs as root when dialing out. Thus he has root privileges. Next, he gets
/etc/passwd with or without shadow and corrupts login and pppd to make a
door (maybe a shell, but that is big). Last he may collect secrets from
people. If the people use any kind of open source tools for their childish
encryption schemes then they will leave traces thereof. The traces will be
picked up by the intruder (who is smarter than the locals) and he will
know what to do with them. 

If the dialup device is self-decrypting then the intruder needs to run it
with strace on his own machine - and that's it ;(

What you are after is a personal vault. This is a small encrypted block of
data that can be mounted with the loop device only when needed. It is
opened by a password and data in it is accessed, then it is closed. There
remains the problem of where to store the password to open the crypted
block. The hen and the egg problem, so to say. 

(not an expert),

Peter
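
The two ideas discussed in the message above, as an added example that is not part of the original post: the stored login^password value next to a vault header that keeps no copy of the password. The function names, the repeat-the-login padding, the PBKDF2 parameters and all sample values are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
from itertools import cycle

ITERATIONS = 200_000  # constructed work factor for this example


def xor_store(login: bytes, password: bytes) -> bytes:
    """Scheme from the thread: keep only login ^ password on disk.
    Assumption: the login is repeated to cover the password's length."""
    return bytes(p ^ l for p, l in zip(password, cycle(login)))


def xor_recover(login: bytes, stored: bytes) -> bytes:
    """What anyone holding the file and the known login can compute.
    XOR is its own inverse, so it does not matter which operand
    was called the key."""
    return bytes(s ^ l for s, l in zip(stored, cycle(login)))


def vault_record(passphrase: bytes) -> dict:
    """Vault header holding a random salt and a check value, not the password.
    The vault key is re-derived from the typed passphrase at open time."""
    salt = os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", passphrase, salt, ITERATIONS)
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def vault_open(record: dict, passphrase: bytes):
    """Return the 32-byte vault key if the passphrase is right, else None."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase, record["salt"], ITERATIONS)
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, record["check"]) else None


if __name__ == "__main__":
    login, ppp_password = b"alice", b"constructed-secret"  # constructed values
    stored = xor_store(login, ppp_password)
    print("recovered from file + login:", xor_recover(login, stored))
    rec = vault_record(b"typed at open time")
    print("wrong passphrase opens vault:", vault_open(rec, b"guess") is not None)
```

The header still permits offline guessing of a weak passphrase, and the passphrase has to be typed each time the vault is opened, so unattended dialing is not covered by this sketch.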