Re: Hiding all copies of your PPP password
Hi,
On Tue, 8 Dec 1998, Omer Zak wrote:
> Barring major change in the way pppd starts up (and barring any obvious
> oversights by me), the solution to the above problem is:
> 1. Change the above files into soft links to files in a RAM disk (whose
> contents will be destroyed each time the system is booted).
You can put it in the regular place on your disk, and write a wrapper that
execs pppd, and after it exits, deletes the files. That is, unless you
believe your intruder will run over the disk by the sectors and look for
the remains of the file.
> 2. Detect when an attempt to open those files is made, and launch a
> process which asks the user for the password. Using the password, the
> process will generate the files (by means of a perl script or whatever) and
> then allow the file open process to proceed.
You can also XOR your ISP password and your login password, put that in a
file somewhere, and patch /bin/login to XOR it again at login time, and
have .logout remove the plaintext copy at logout time. Your ISP password
can only be revealed after an intruder guesses he should examine your
/bin/login sources (if you keep the sources around!) (or disassemble it
<grin>) and then brute-force your login password (unless any of your
passwords are trivial). This saves you from typing any password again.
Shachar Tal
-------------
Taub Computer Center, Technion, Israel Institute of Technology
finger me for contact info or PGP key.
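
The wrapper idea from the reply above, as an added example that is not part of the original post: it writes the secrets file with owner-only permissions, runs the command as a child, and removes the file when the command exits or the wrapper is signalled. The function name, the `--connect` argument and the file path are assumptions; `nodetach` is used so pppd stays in the foreground and the wrapper can wait for it.

```shell
#!/bin/sh
# Added example (not from the original post).
# run_with_secret <secrets-file> <secret-line> <command> [args...]
# Creates the file mode 0600, runs the command, always removes the file after.
run_with_secret() {
    secrets_file=$1
    secret_line=$2
    shift 2
    (
        umask 077                               # file is created rw for owner only
        trap 'rm -f "$secrets_file"' EXIT       # cleanup on any exit of this subshell
        trap 'exit 130' INT TERM HUP            # turn signals into a normal exit
        rm -f "$secrets_file"                   # do not inherit perms of an old copy
        printf '%s\n' "$secret_line" > "$secrets_file" || exit 1
        # Run as a child, not via exec: after exec nothing would be left
        # to delete the file when the command finishes.
        "$@"
    )
}

# Constructed usage: wrapper.sh --connect /path/to/secrets-file
# The secret line is read from the terminal, in whatever format the
# secrets file uses, so it never appears in a process argument list.
if [ "${1:-}" = "--connect" ]; then
    printf 'PPP secret line: ' >&2
    stty -echo
    IFS= read -r line
    stty echo
    echo >&2
    # pppd must not detach, otherwise the file is removed while still needed.
    run_with_secret "$2" "$line" pppd nodetach
fi
```

As the reply notes, `rm` only unlinks the file; the contents can remain in disk sectors until they are overwritten.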