Newsgroups: comp.risks
X-issue: 5.24
Date: Wed, 5 Aug 87 13:31:36 EDT
From: mnetor!utzoo!henry@uunet.UU.NET
To: RISKS@csl.sri.com
Subject: Re: Security-induced RISK

Those not in the Unix community may not be aware of the excellent security
paper that was published in the Bell Labs Technical Journal a few years ago.
Some parts of it are Unix-specific, but much of it is fairly generic.  The
most interesting parts are discussions of how supposed enhancements in
security actually make things *worse*; the paper is clearly the result of
practical experience, not just theoretical navel-contemplation.  For example,
the problem of logs of incorrect login/password combinations being a source
of useful information is worse than it seems:  even just logs of login names
alone can be informative, because people do accidentally type passwords in
response to the login-name prompt now and then.  For another example, aging
schemes that try to enforce frequent password changes have bad side effects:
"...the most incredibly silly passwords tend to be found on systems equipped
with password aging...".

The paper is "UNIX Operating System Security", by F.T. Grampp and R.H. Morris,
AT&T Bell Laboratories Technical Journal, Vol. 63, No. 8, Oct. 1984, pages
1649-1672.  Any good engineering library will probably have the B.L.T.J.
(formerly the Bell System T.J.), since it is/was one of the top technical
journals of the communications industry.  This particular issue, the second
special issue on Unix, can also be ordered from AT&T, although I don't have
ordering details handy.

Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,decvax,pyramid}!utzoo!henry
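As an added illustration of the first point above (this is not code from the post or from the Grampp and Morris paper): a small filter that sanitises failed-login records before they are stored, replacing any login name that matches no real account with a placeholder, on the reasoning that such a "name" may well be a password typed at the wrong prompt. The log format, the account list and the sample lines are constructed for the example.

```python
import re
from typing import Iterable, List, Set, Tuple

# Constructed sample records in a generic "FAILED LOGIN for <name>" format.
# The second line shows the failure mode the post describes: a password
# typed in response to the login-name prompt ends up in the log.
SAMPLE_LOG = [
    "Aug  5 13:31:36 host login[1201]: FAILED LOGIN for henry from tty3",
    "Aug  5 13:31:40 host login[1201]: FAILED LOGIN for Tr0ub4dor&3 from tty3",
    "Aug  5 13:32:02 host login[1203]: FAILED LOGIN for guest from tty5",
]

# Constructed account list; a real deployment would load this from the
# system's account database (e.g. the pwd module) rather than hard-code it.
KNOWN_ACCOUNTS = {"henry", "guest", "root"}

# Captures the text before the name, the name itself, and the rest of the line.
FAILED_RE = re.compile(r"^(?P<prefix>.*FAILED LOGIN for )(?P<name>\S+)(?P<suffix>.*)$")


def redact_unknown_logins(
    lines: Iterable[str],
    known_accounts: Set[str],
    placeholder: str = "<unknown-name>",
) -> Tuple[List[str], int]:
    """Return (sanitised lines, number of names redacted).

    A failed-login record whose name is a real account is kept verbatim,
    since it is needed for detecting guessing attempts against that account.
    A name that is not an account is replaced before storage, because it is
    quite possibly a secret rather than an identifier.
    """
    out: List[str] = []
    redacted = 0
    for line in lines:
        m = FAILED_RE.match(line)
        if m and m.group("name") not in known_accounts:
            line = m.group("prefix") + placeholder + m.group("suffix")
            redacted += 1
        out.append(line)
    return out, redacted


if __name__ == "__main__":
    clean, n = redact_unknown_logins(SAMPLE_LOG, KNOWN_ACCOUNTS)
    print("\n".join(clean))
    print(f"{n} record(s) redacted")
```

The count returned alongside the sanitised lines is itself worth recording: a run of unknown-name failures from one terminal, each followed by a failure for a real account, is the typical signature of a password having gone into the wrong prompt.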

    [While you are in that issue, you might just keep on reading.  The paper
    following Grampp and Morris' is also worth looking at:  "File Security
    and the UNIX Crypt Command", J.A. Reeds and P.J. Weinberger, pages
    1673-83: "crypt" was not very secure.  PGN]

