SYSKEY2. Request For Comments
Luke Kenneth Casson Leighton
lkcl at samba.org
Fri Feb 4 20:38:10 GMT 2000
phil, this isn't about root being trusted or untrusted. it's about making
sure that only root can decode a password stored in a location in a
publicly accessible file.
On Sat, 5 Feb 2000, Phil Mayers wrote:
> I'm afraid I agree. If you don't trust root, then you're screwed. If
> someones get a root shell on the machine, you're deader than courdroy.
> They can essentially do anything, hence it adds no real security, just
> puts another step in the way.
>
> Cheers,
> Phil
>
> jeremy at valinux.com wrote:
> >
> > > i am looking to implement an equivalent mechanism to SYSKEY, however i do
> > > not have the relevant security skills to say whether a proposal is secure
> > > or not.
> >
> > Why ? SYSKEY is a silly idea !
> >
> > Either you trust root, or you don't.
> >
> > If you don't trust root, then all the SYSKEY in
> > the world doesn't help. If you do trust root, then
> > why not let them see the hashed passwords ?
> >
> > Don't give me any "it improves security" crap,
> > as it doesn't (unless you store the key off
> > machine - on a floppy disk needed on machine boot).
> >
> > This is the same issue kerberos has.
> >
> > There is no need to complicate all our code with
> > this stuff, it doesn't even add any security !
> >
> > What does everyone else think ? I don't want you
> > to implement it - it's just a *bad* idea.
> >
> > Jeremy.
>
<a href="mailto:lkcl at samba.org" > Luke Kenneth Casson Leighton </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development </a>
<a href="http://samba.org" > Samba Web site </a>
<a href="http://www.iss.net" > Internet Security Systems, Inc. </a>
<a href="http://mcp.com" > Macmillan Technical Publishing </a>
ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals
More information about the samba-ntdom
mailing list