Re: OT: Password management



See below...
On Tue, 26 May 2009 23:29:53 +0100, Daniel James <wastebasket@xxxxxxxxxxxxxxxx> wrote:

In article news:<tlao155n596l92heq09237fl0r64l1j02n@xxxxxxx>, Joseph M.
Newcomer wrote:
The basic idea, and I can't go into the reasons because of NDA, is
A client will contact the server and ask for an account password
A client will then use that password to call LogonUserW or
similar API requiring a password

That's not an uncommon sort of requirement. My advice would be "don't do
that". The stuff you can't tell us may well have implications that mean
that you can't do it any other way, but what you suggest is insecure (as
you note) and in general there are better ways of achieving more-or-less
the same thing.
****
My task is not to deal with security issues they have already addressed, but to provide
enhanced functionality. I know the NDA is a pain, but it is not something I can violate,
so I can't say much about problems that are outside the scope of what I am trying to
accomplish. I can only ask questions that are fairly application-neutral and do not
violate NDA. So the assumption is that if there is anything about other security
concerns, they are outside the scope of the question and cannot be discussed. The
question is very simple: how do I reverse the encryption of a reversible password? Whether
this is good or bad as an abstract concept is irrelevant. What happens to it after it is
decrypted is irrelevant. Other people are working to deal with those issues, or have
dealt with them, or have chosen to not deal with them, and in any case I don't have to
care.
****

Yes, they are aware of vulnerability issues during the brief plaintext
time, and for reasons I cannot discuss, that is under control.

I understand ... but that does make it very hard to give relevant advice.
****
That problem is outside the scope of the question. The question deals with how to decrypt
a reversible password from the database. Answers that encompass other mechanisms, such as
Kerberos, are not something that can be addressed. The question is necessarily very
narrow and very specific, and I cannot divulge how other problems are or have been or may
not be addressed, because even I don't know the answers. Again, the issue is to focus
only on the one specific question, and not try to solve the world's security problems.
****

Could you use a Kerberos-based system, for example? Would that address
the need for a centralized authority that you seem to have?

While there is a lot of talk about reversible password encryption,
there is no discussion of the algorithms or APIs required to actually
do this.

IME the term "reversible password encryption" doesn't refer to any one
specific password encryption algorithm, scheme, or API; it just refers to
the use of some form of reversible protection for passwords rather than
one of the one-way schemes that is usually preferred for its security. It
can be as simple as combining the password with the user ID and
encrypting it with DES or AES (linking the password to the ID in some way
is helpful as it prevents attacks that rely on substituting one user's
known password for another user's unknown one). Other schemes might use a
one-way function to encrypt the password for general use but also encrypt
it with a public key so that some security officer (who has access to the
corresponding private key) can decrypt the password to enable fraud
audits, etc. There are many possibilities.
****
But if the encryption is "reversible", then there has to be a way to provide an encryption
service, and necessarily, because of the "reversible", a way to provide a decryption
service. The MSDN docs are silent on all of this, merely referring to the concept without
reference to how it can be used. I know all the *possible* ways it could be done; what I
need to know is the *specific Windows APIs* that are involved in dealing with a
"reversible password encryption". So the problem is to narrow the answer down to how to
write code that handles the decryption of a reversible password. Obviously, systems that
really need to do this, such as CHAP (Challenge-Handshake Authentication Protocol, RFC
2433, RFC 2759) or PPP (RFC 1994) are said to require this, but there is no guidance as to
how someone implementing a CHAP or PPP protocol would decrypt the password. I've spent
hours in google search, on the MSDN Web site, etc., with no hint whatsoever, just vague
handwaves in high-level descriptions. Nothing that references an API or gives a code
sample.
joe
****

Cheers,
Daniel.


Joseph M. Newcomer [MVP]
email: newcomer@xxxxxxxxxxxx
Web: http://www.flounder.com
MVP Tips: http://www.flounder.com/mvp_tips.htm
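As an added illustration of the scheme Daniel sketches above (a reversible encryption of the password that is tied to the user ID so that one user's ciphertext cannot simply be copied into another user's record), here is a small Go program. It is not code from either poster and it does not answer Joe's question about which Windows API does this; it uses Go's standard library instead, and it substitutes AES-GCM with the user ID as associated data for the DES/AES-over-concatenation construction Daniel describes. The names Vault, Store and Retrieve, and the fixed 32-byte key in main, are constructed for the example; a real deployment would keep the key in a protected store, not in the source.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Record is one stored row: the owning user ID, the per-record nonce,
// and the AES-GCM output (ciphertext followed by its authentication tag).
type Record struct {
	UserID string
	Nonce  []byte
	Sealed []byte
}

// Vault holds the symmetric key used by the password-retrieval service.
// Only the service that must hand out plaintext passwords should hold it.
type Vault struct {
	aead cipher.AEAD
}

// NewVault wraps a 16-, 24- or 32-byte AES key in an AES-GCM AEAD.
func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Vault{aead: aead}, nil
}

// Store encrypts the password reversibly. The user ID is passed as
// associated data, so it is authenticated but not encrypted: decryption
// later succeeds only if the same user ID is presented with the record.
func (v *Vault) Store(userID, password string) (Record, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	sealed := v.aead.Seal(nil, nonce, []byte(password), []byte(userID))
	return Record{UserID: userID, Nonce: nonce, Sealed: sealed}, nil
}

// Retrieve reverses Store. The GCM tag check fails if the ciphertext was
// modified or if the record's user ID differs from the one it was sealed
// under, which is exactly the substitution case Daniel warns about.
func (v *Vault) Retrieve(rec Record) (string, error) {
	plain, err := v.aead.Open(nil, rec.Nonce, rec.Sealed, []byte(rec.UserID))
	if err != nil {
		return "", errors.New("record is not bound to this user ID or has been altered")
	}
	return string(plain), nil
}

func main() {
	// Constructed demo key; never embed a real key like this.
	key := []byte("0123456789abcdef0123456789abcdef")
	vault, err := NewVault(key)
	if err != nil {
		panic(err)
	}

	alice, _ := vault.Store("alice", "correct horse battery staple")
	pw, err := vault.Retrieve(alice)
	fmt.Printf("alice's own record: %q, err=%v\n", pw, err)

	// Attacker with write access copies alice's nonce+ciphertext into bob's row.
	bob := Record{UserID: "bob", Nonce: alice.Nonce, Sealed: alice.Sealed}
	pw, err = vault.Retrieve(bob)
	fmt.Printf("alice's blob under bob's ID: %q, err=%v\n", pw, err)
}
```

The point to take from the program is that "reversible" need not mean "unauthenticated": the decrypting service can refuse any record whose ciphertext and user ID do not belong together, and that refusal is also a useful thing to log, since a legitimate client never triggers it.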