[unisog] designing a password management system for privileged accounts

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Thu Oct 20 20:43:33 GMT 2005


On Thu, 20 Oct 2005 10:39:40 CDT, Chris Green said:

> If passwords stored on the server are encrypted with the authorized user's
> public keys, where do their private keys reside for the decryption process?
> Is the private key a passphrase that the administrator remembers?

More often, the private key is stored in a "blinded" form, where the passphrase
is entered and combined with the stored key to create the *real* key.

> The system should store "old" passwords to prevent reuse.

No, what it should store is an MD5 or similar hash of the password, and compare
the hash of the new password to the hash of the old.  This stops an information
leakage attack where an attacker could see the *old* password and use the info
to make a better guess at the current one.  If your users used 'July01', 'July02',
and 'July03' as the last 3 passwords, what you think the next is? ;)

(And yes, I know MD5 has issues.  However, (a) it's still impractical to generate
a collision to a specified value, and (b) the failure mode is that some tiny
fraction of the quintillions of possible passwords (mostly not enterable from
the keyboard *anyhow*) will be rejected and a new proposed password chose.

And yes, I also know there's "must be at least N characters different" filters
available for some system that stop the July01/02/03 stuff - but even they don't
stop any but the most obvious patterns.  Humans are *much* better at seeing a
pattern in the last 5-6 and making a guess at the next...)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20051020/c2ee5c13/attachment.bin


More information about the unisog mailing list