passwords in the clear

9fans - fans of the OS Plan 9 from Bell Labs
 help / color / mirror / Atom feed

From: Vadim Antonov avg@postman.ncube.com
Subject: passwords in the clear
Date: Fri, 18 Aug 1995 00:02:14 -0400	[thread overview]
Message-ID: <19950818040214.JDKJCmOgS6x3F20CIyxDIlEtUvcoVOr14re35UffXhc@z> (raw)

Dave Presotto wrote:

>My heart is broken, I can't go on.  I thought I finally got
>rid of the damn things.

>Vadim, what is the property of your firewall that forces you
>to go to a scheme that anyone can break by watching packets
>go by?

If somebody can *watch* packets on Ethernet, that somebody
can also *send* them, ok?  The challenge-reply authentication
is useless on LANs, as stealing an already authenticated TCP
session is trivial.  Sending an ARP bogon is very simple, and
so is programming Pee-See cards for an arbitrary MAC address.
Been there, done that.  The only way to defeat snoopers on
Ethernet is to encrypt all data or to use filtering bridges,
or to use good application-level gateway and not bother with
protection from insiders (which you never can do anyway... as
an insider can always stick a floppy in your machine and
voila! all data is his).

Please, the false expectation of "security" is worse than
the known lack of it.  Overall, the security must be
*adequate*, not *perfect*.  If a person can walk to my
machine i won't bother protecting my files with anything
more elaborate than plaintext passwords, and the company
already has an application-level gateway.

For many of us, SNK doesn't worth the hassle (btw, i wrote
the SNK stuff for BSD, so you can't call me ignorant or
whatever).

--vadim

PS: A helpful SNK hint: to erase the memory you don't need
    to remove the batteries, just type in:

	ON
	3
	ENT
	00000000
	ENT

    repeat the sequence, and it'll give you the EO - prompt.

next             reply	other threads:[~1995-08-18  4:02 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
1995-08-18  4:02 Vadim [this message]
1995-08-18 12:19 presotto
1995-08-19  1:23 Paul
1995-08-21  4:09 Vadim

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=19950818040214.JDKJCmOgS6x3F20CIyxDIlEtUvcoVOr14re35UffXhc@z \
    --to=9fans@9fans.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).