home *** CD-ROM | disk | FTP | other *** search
- From: rivest@theory.lcs.mit.edu (Ron Rivest)
- Newsgroups: alt.security
- Subject: Semi-variable passwords for remote login
- Date: 14 Feb 92 00:01:21 GMT
- Distribution: alt.security
- Organization: MIT Lab for Computer Science
-
-
-
- SEMI-VARIABLE PASSWORDS FOR REMOTE LOGIN -- A PROPOSAL
- ------------------------------------------------------
- Ronald L. Rivest
- MIT Laboratory for Computer Science
- 2/13/92
-
- Passwords are a notorious security weakness. Either they are poorly
- chosen, in which case they are easily found, or else they are
- well-chosen, hard to remember, and then often written down (and then lost or
- disclosed). And in any case, a fixed password can easily be
- compromised when transmitted over the net. I think it is time to
- recognize that ``static (fixed) passwords are not sufficient for
- security when network logins are allowed'' and to ACT on that knowledge.
-
- Here is a proposal for password usage and checking that is intended to
- be practical, yet quite secure. I would like to see it implemented here
- at MIT in our ``Theory Group'' network of SUNs, but this has not been done yet.
-
- The summary of the proposal: Each user maintains both a ``static
- password'' (which he remembers), and a list of one-time ``variable
- passwords'' (which he has on a sheet of paper). For a local login
- (at the machine console), only the static password is needed. For a
- remote login (over the net) the password he uses is the
- concatenation of his static password and the next unused variable
- password on his variable-password list.
-
- DISCUSSION:
- - -----------
-
- (1) It is assumed that it local logins can be distinguished from remote logins.
-
- (2) A sample one-time password-list is obtainable by anonymous ftp from
- theory.lcs.mit.edu, in the file pub/rivest/passwords/password-list.ps
- This is a sample postscript file giving 150 one-time passwords, plus
- instructions on their use. It is designed to fold up nicely and fit
- in a wallet, without losing passwords in the fold creases.
-
- (3) If a user loses his password list, not all is lost, since his static
- password is not thereby compromised. Similarly, loss of a static
- password by itself is not sufficient to allow an adversary to log in
- over the network.
-
- (4) A user's variable password list should expire after a certain amount of
- time (say three to six months), and be re-issued by the system security
- administrator with new passwords.
-
- (5) Since the variable passwords are not needed for local logins, most logins
- would not change for our users. Only remote logins would require this
- additional authentication information. Users will presumably understand
- and sympathize the requirement that remote logins need additional
- authentication. However, ``inner loop'' (a local login) is as easy
- as it always was for the user.
-
- (6) The basic format of the login protocol is unchanged: you must type a
- login id and a password. This may have advantages for applications
- exercise a login protocol.
-
- (7) The user is not required to purchase any additional hardware. (A
- fancy version of this general approach would be to use a Security
- Dynamics SecurID card, which displays a continually varying password.
- This may be better if you can afford it, but it some expensive for
- our environment.)
-
- (8) If desired for some reason, some users might have zero-length
- variable passwords---in effect, they just have the usual static password.
- That is, the use of variable passwords could be chosen on a per-user
- basis. However, this obviously negates much of the benefit of the whole
- idea...
-
- (9) The password checking program needs to keep track of the variable
- password list for each user, and to know which variable passwords he's
- already used. We envision dedicating a machine to just this function
- (say, a small PC on our Ether sub-net). This machine could ONLY be
- logged into through the console. It would, however, be queried by the
- login protocols of the other machines to check passwords. The password
- lists are stored only on the dedicated PC. The password-checking PC
- might be queried by a remote procedure call, which would return
- "OK" or "not-OK" for a proposed remote userid-password combination.
- There are probably other good ways of implementing this function;
- obviously the integrity and security of the password databases is critical.
- A separate machine means that the files will not be compromised even
- if someone breaks in somehow.
-
- (10) The dedicated PC would be capable of creating new password lists
- and printing them out securely.
-
- (11) The storage requirements for the password lists on the dedicated
- machine are very manageable: if you have 1000 users with 150 5-byte
- passwords each, you need only 750,000 bytes of storage.
-
- (12) If a typical user logs in remotely at most twice a day, then a 150-
- password list should last him for 2-3 months.
-
- (13) The use of printed variable password lists permits them to be mailed
- out to users who never stop by in person. They can even be faxed
- in an emergency.
-
- - --------
-
- I would appreciate any comments or suggestions people have about this
- scheme. (Post to the alt.security, rather than mailing it to me...)
- Are there any obvious security problems, human-engineering problems, or
- other difficulties? Is there anything better that's just as easy to do?
- Comments?
-
- ------- End of Forwarded Message
-
-
-
-
