
Idea for "friendly" Windows password hack



 [Let me say up front that beyond a lot of perl hacking, I've never had
 a need to code my way out of a paper bag, so this is not something I'd
 be able to implement myself, at least not without a month of study.]

OK, so we know how to crack .PWL files, and how any program (virus, trojan
horse, Windows Help file calling a DLL beginning with ASCII 229 so that
virus scanners can't see it) can obtain usernames, passwords, etc. even if
persistent "password caching" to disk has been turned off. 

How might Microsoft (or someone else) address this without forcing users
to quit all applications and "log out" of Windows to purge the temporary
"password cache" in RAM? I.e., I don't care much about and know I can't
count on the security of my PC as such, and it's really convenient to
leave a zillion Popular Web Browser windows open when I walk out of my
office, but I don't like the idea that anyone might walk up to my PC and
log on as me to the otherwise (more or less) secure servers I use. 

In thinking about how MacOS PowerTalk deals with this by allowing the user
to "lock" and "unlock" their keychain at will, it occurred to me that
there's no particular reason we should just have to "look, don't touch"
the password cache in RAM. After all, it's our insecure single-user
operating system, and our passwords. 

Why not provide a way to grab the passwords cached in RAM, encrypt them 
securely, put them away somewhere, and scramble the original copy of the 
passwords in RAM so that Microsoft's code can't get to them?

We don't need no steenking user interface. Actually, the first cut at
this wouldn't really need to encrypt them securely, but just deny them to
the OS, and restore them to the OS, on demand. 

Just a quick demo of how Microsoft can and should resolve this issue would
have people beating down our door, and we'd unambiguously be the good
guys. Because we'd be providing the solution, there would be no further 
moral qualms about posting full details and full source code.

-rich
 [email protected]
 ftp://ftp.stanford.edu/pub/mailing-lists/win95netbugs/
 gopher://quixote.stanford.edu/1m/win95netbugs
 http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html
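
The lock/unlock idea proposed in the message above, sketched as an added example that is not part of the original post or of any Microsoft code. `LockableCache` and its methods are hypothetical names, the dictionary is a constructed stand-in for the in-RAM password cache, and the HMAC-based keystream stands in for a vetted authenticated cipher.

```python
import hashlib, hmac, json, os

def _derive(passphrase, salt):
    # One PBKDF2 call yields independent encryption and MAC keys.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, data):
    # HMAC-SHA256 in counter mode as keystream: a stdlib stand-in for a vetted AEAD.
    blocks = (hmac.new(key, i.to_bytes(8, "big"), "sha256").digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

class LockableCache:
    """Hypothetical stand-in for the in-RAM password cache; no Windows API is used."""

    def __init__(self, entries):
        # bytearrays, so the plaintext can be overwritten in place on lock()
        self._plain = {k: bytearray(v, "utf-8") for k, v in entries.items()}
        self._sealed = None

    def get(self, resource):
        if self._sealed is not None:
            raise PermissionError("cache is locked")
        return self._plain[resource].decode()

    def lock(self, passphrase):
        salt = os.urandom(16)  # fresh salt, so every lock uses fresh keys
        enc_key, mac_key = _derive(passphrase, salt)
        blob = json.dumps({k: v.decode() for k, v in self._plain.items()}).encode()
        ct = _xor_stream(enc_key, blob)
        tag = hmac.new(mac_key, salt + ct, "sha256").digest()  # encrypt-then-MAC
        for buf in self._plain.values():
            buf[:] = bytes(len(buf))  # best effort: Python's temporaries above can't be scrubbed
        self._plain.clear()
        self._sealed = (salt, ct, tag)

    def unlock(self, passphrase):
        if self._sealed is None:
            return
        salt, ct, tag = self._sealed
        enc_key, mac_key = _derive(passphrase, salt)
        expected = hmac.new(mac_key, salt + ct, "sha256").digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("wrong passphrase or tampered blob")  # cache stays locked
        entries = json.loads(_xor_stream(enc_key, ct))
        self._plain = {k: bytearray(v, "utf-8") for k, v in entries.items()}
        self._sealed = None
```

While locked, a caller of `get()` is refused and only the sealed blob remains; a wrong passphrase fails the MAC check before anything is decrypted.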