Date: 04/22/95


I usually don't post to this list but I do read it.  I find myself drawn 
to comment.

Q: Why should you endeavor to keep passwords not only unreadable from 
users/players but also from yourself?

A: Because if they are readable, you run the risk of those passwords getting
leaked by one method or another <someone tells, someone "breaks" in, whatever,
MURPHY'S LAW applies here>.  So what, you might ask?  "It's just players'
files, sheesh!"  Inevitably, there will be players who, because they are
lazy, innocent, incompetent, what have you, use the same password on
more than one account.  Whether that be an internet account, player file, or
anything else with password locking.  Once those passwords are known,
they can then be inserted into a password demon hacker and spewed at known
users@host accounts until one works.  This method is MUCH more likely to
work compared to the random password daemons that exist because here it
is known that all these passwords are used by real people, possibly more
than once, as opposed to the pure randomness of the other technique.

I read an example of this long ago.  It was a spiel on why you should not
use the same password at work as you do somewhere else.  It went
something like this.


Foo has an account at a high security network.  Foo also plays a mud <it
really did use mud in the supposedly true story>.  The password file,
unknown to Foo or the mud administrator, was stolen by a hacker.
Hacker then uses these passwords in his nifty keen password hacking
daemon and after several thousand attempts at various accounts on various
systems, gets a match and WAM!  High security network's security is toast.
All because someone was A) foolish enough to use his passwords more than
once, and B) someone was foolish enough to store passwords in legible format.


This technique works even better if you do some netstats on the mud
machine while you're stealing the passwords.  Then you don't have to stab
out at sites randomly, you have a list of possible targets on hand.

Moral to the story?
  Either Foo or the mud administrator could have nipped this situation in 
  the bud.  Don't let your own system/behavior cause this kind of security


Want another reason not to store passwords in legible format?  

So your users don't get paranoid about their passwords <even the folx with
low security data in their accounts> so they CAN be stupid and careless
with their passwords instead of keeping half a dozen diff passwords around
for all the games they play. 
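An added example, not part of the original post, of what "unreadable even to yourself" looks like in practice: a player-file entry that stores only a salted PBKDF2 hash, so a stolen file gives up no reusable passwords. The record format, field names and iteration count are assumptions for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed work factor for PBKDF2-HMAC-SHA256; raise it as hardware gets faster.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.

    A fresh random salt per player means two players with the same password
    still get different records, so one cracked entry tells you nothing about
    the others. The plaintext password itself is never written anywhere.
    """
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the derivation with the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
        )
    except ValueError:  # malformed or truncated record
        return False
    return hmac.compare_digest(dk.hex(), hash_hex)


def record_leaks_password(record: str, password: str) -> bool:
    """True if the plaintext (or its hex encoding) appears in the stored record."""
    return password in record or password.encode("utf-8").hex() in record


if __name__ == "__main__":
    # Constructed sample: the password Foo reuses on the mud and at work.
    rec = hash_password("foo-uses-this-everywhere")
    print(rec)
    print(verify_password("foo-uses-this-everywhere", rec))  # True
    print(verify_password("foo-uses-this-elsewhere", rec))   # False
    print(record_leaks_password(rec, "foo-uses-this-everywhere"))  # False
```

Legacy player files with legible passwords can be migrated on the fly: on a successful login against the old field, write the new record and drop the plaintext.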


This archive was generated by hypermail 2b30 : 12/07/00 PST