On Mon, Feb 26, 2007 at 03:38:16PM -0800, Darren.Reed at Sun.COM wrote:
> Recently I was quite shocked when I looked in my .gaimrc
> file and found that it stored passwords in clear text.
Yes, I know. I have to type a password very often for one particular IM service too -- I have to because I refuse to let Gaim remember it.

> Then whilst reading the NWAM spec it mentioned that wifi
> passwords are also stored in clear text.

Yes, but these are stored in local files not readable to joe random user.

> This does not seem ideal.

The latter is fine -- short of storing secrets on hardware tokens there's not much choice but to store some secrets in cleartext. E.g., there's the /etc/krb5/krb5.keytab file, and /etc/inet/secret/ike.privatekeys/*, and so on. You can encrypt all of them, but you have to store the decryption key somewhere. Unless you can make every such thing go through a hardware token then such secrets WILL appear in memory in cleartext at some point.

> And having to enter all your passwords every !...@*# time is
> also a PITA...
>
> ...using Kerberos is not the right answer - unless every
> host is its own KDC.

Using Kerberos V and other network authentication protocols for single sign on in applications like Gaim _is_ a very good answer. It is not a good answer for local system secrets.

Applications like Gaim could also do what ssh(1) does: encrypt secrets in some passphrase and prompt the user for the passphrase instead of the actual secret. Firefox supports this, for example.

BTW, KDCs too have to store a secret in cleartext somewhere: in a hardware token, in a file, in memory -- somewhere where it can be used.

> So what I'd like to suggest is that Solaris provides access
> to an encrypted storage "device" that applications can use
> to put "sensitive" material in.

Unless that is a tamper-resistant/evident hardware token and protocols are used such that the secret need never leave the token in cleartext then you can't achieve this.

> If Microsoft can hide usernames and passwords in their
> registry in a manner that defeats at least casual browsing,
> what can we do?

Security by obscurity doesn't get you very far.
Don't conflate user applications and system applications (and yes, I understand that wifi logon seems borderline like a user application, but it isn't). User applications have several choices which may depend on what options are available in the application protocols. System applications ultimately have to store secrets in hardware tokens or in cleartext locally. Scrambling such secrets doesn't help.

Nico
--